Jump to content

Talk:Fortuna (PRNG)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is the current revision of this page, as edited by Aera23 (talk | contribs) at 01:34, 24 July 2024 ((edit, shorten line spacing)). The present address (URL) is a permanent link to this version.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Repeated blocks

[edit]

I don't understand the flaw about repeated blocks created in counter mode. (Well sure, there will be repeated blocks after 2^128 blocks, but that's a silly huge number.)18.209.1.147 08:26, 29 December 2006 (UTC)[reply]

That's because it's wrong. The original version of the article said "repeated blocks would never be generated" or something along those lines; someone changed it to "would be generated", I fixed it, and later on someone broke it again. I'm about to clarify that bit of the article in the hope of making it less likely that well-intentioned people will break it. Gareth McCaughan 17:37, 29 December 2006 (UTC)[reply]

Size of entropy pools

[edit]

How big is each entropy pool? Cmcqueen1975 (talk) 03:47, 8 December 2010 (UTC)[reply]

Unbounded; usually implemented with some sort of cryptographic hash. The FS&K Chapter suggests SHA_d-256(), although I don't know of any reason plain SHA-256 or any SHA-3 finalist (in 256-bit or greater mode) would not suffice. KMeyer (talk) 00:27, 24 May 2019 (UTC)[reply]

What about the Pseudo part?

[edit]

Can someone please clarify what needs to be controlled in order for this algrorithm to produce a repeatable random sequence? Do you have to feed the pools with the same data on each run?199.34.4.20 (talk) 22:14, 4 October 2016 (UTC)[reply]

You have to control the "entropy" sources and timing, and the timing/size of reads, from some known starting state (current key, counter and pools value(s)). Fortuna will reseed from the pools every 100 ms, if pool 0 has gathered sufficient bytes of entropy input over that interval, on demand (if a read is made). It will also rekey (key erasure / forward secrecy) on every read operation, or every 1MB for large read operations. If those are all controlled, the same output is produced. KMeyer (talk) 00:34, 24 May 2019 (UTC)[reply]

Contradiction

[edit]

These 2 sections have 2 sentences that contradicts the other if there are over 10 data requests a second (unless there is a limit on the amount of requests per second):

Seeding

The key is also changed after every data request (however small), so that a future key compromise doesn't endanger previous generator outputs.

Generator

Fortuna uses 32 pools, and restricts reseeding to happen at most 10 times per second. Aera23 (talk) 01:33, 24 July 2024 (UTC)[reply]