blanu / Dust

A Polymorphic Engine for Filtering-Resistant Transport Protocols

Use PRNG instead of system entropy #11

Closed by blanu 11 years ago

blanu commented 11 years ago

System entropy seems to often be broken. It should only be used to seed a PRNG. Perhaps use NIST SP 800-90A? http://hackage.haskell.org/package/DRBG-0.1.4

singpolyma commented 11 years ago

The API in crypto-api for random numbers is quite good. It comes with an implementation for system entropy, but others can easily be implemented so that you can easily swap them out.

blanu commented 11 years ago

Do you know if there is already a crypto-api implementation available for a (currently considered) secure PRNG or would we need to write one?

blanu commented 11 years ago

NIST SP 800-90A is no longer fashionable. I'm open to suggestions on the PRNG algorithm. How about a Skein-based PRNG? That's what I did for Dust v1 in python.

singpolyma commented 11 years ago

The crypto-api library implements one based on the entropy library (so, using system entropy).

cprng-aes exists, but it's using a different API.

blanu commented 11 years ago

I replaced all uses of system entropy with the Skein PRNG. This is the Haskell implementation of the same PRNG used in Dust v1.
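An added illustration of the design this thread settles on (system entropy used only to seed a hash-based PRNG, which then produces all output and can be reseeded). This is example code, not Dust's Haskell or Python implementation; SHA-256 stands in for Skein because Python's standard library ships no Skein, and the class and domain-separation tags are my own choices.

```python
import hashlib
import os


class HashDRBG:
    """Hash-based PRNG: the OS entropy pool is consulted only to seed it.

    Every output block is a hash of the secret state and a counter, and the
    state is ratcheted forward after each request so that a later state leak
    does not expose earlier output. SHA-256 is used here as a stand-in for
    Skein (the hash Dust actually uses); the construction is the same.
    """

    def __init__(self, seed: bytes) -> None:
        if len(seed) < 32:
            raise ValueError("seed must supply at least 32 bytes of entropy")
        # Domain-separated tags keep seeding, output and ratchet hashes distinct.
        self.state = hashlib.sha256(b"seed" + seed).digest()
        self.counter = 0

    @classmethod
    def from_system_entropy(cls) -> "HashDRBG":
        # System entropy is touched exactly once, to seed the generator.
        return cls(os.urandom(32))

    def reseed(self, fresh: bytes) -> None:
        # Mix fresh entropy into the existing state rather than replacing it,
        # so a weak reseed cannot make the state worse than it already was.
        self.state = hashlib.sha256(b"reseed" + self.state + fresh).digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            ctr = self.counter.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + self.state + ctr).digest()
            self.counter += 1
        # Ratchet: derive the next state one-way from the current one.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        self.counter = 0
        return bytes(out[:n])


if __name__ == "__main__":
    gen = HashDRBG.from_system_entropy()
    print(gen.random_bytes(16).hex())
```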