rand/rand.[ch]: Spring-clean the random source cryptography.
* Use Twofish in counter mode for the main mixing function, because it
has lighter-weight key scheduling.
* Use SHA256 rather than HMAC(RIPEMD-160) for digesting. I don't
think HMAC has anything useful to bring to the party here, and
SHA256 is definitely closer to the security level we're aiming for
now.
* The context structure just contains a plain key now, rather than a
scheduled HMAC key, but there's padding to retain binary
compatibility.
* Keys fed into `rand_key' are mangled by hashing with a constant
prefix, mostly to sort out problems of length variation and so on.
* We keep back 256 bits rather than 160 now.
All of this obviously means that the generator will produce different
output now if you try to use it in a deterministic mode. Don't do that.
There are plenty of better deterministic generators in this library. I
reserve the right to change this one again in the future.
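The four design points in the message (a fixed-length mangled key derived by hashing with a constant prefix, a keyed PRF run in counter mode as the mixing function, SHA-256 as the digest, and 256 bits kept back to rekey) can be shown together in a small model generator. The following Python is an added illustration and is not Catacomb's `rand.c`: it substitutes SHA-256 over (key || counter) for the Twofish counter-mode keystream, the constant prefix `KEY_PREFIX` and the way `rand_key` folds new material into the state are constructed for this example, and nothing here should be taken as the library's actual algorithm or output.

```python
import hashlib
import struct

# Constructed domain-separation tag for key mangling; not Catacomb's value.
KEY_PREFIX = b"example-rand-key:"
BLOCK = 32          # SHA-256 output size, used as the PRF block here
KEEPBACK = 32       # keep back 256 bits (one block) for the next key


def mangle_key(k: bytes) -> bytes:
    """Fold a caller-supplied key of any length into a fixed 256-bit key.

    Hashing with a constant prefix removes length variation and separates
    this use of the hash from others.
    """
    return hashlib.sha256(KEY_PREFIX + k).digest()


class ToyGenerator:
    """Counter-mode generator with a hash PRF standing in for Twofish."""

    def __init__(self, seed: bytes) -> None:
        self.key = mangle_key(seed)
        self.counter = 0

    def _block(self) -> bytes:
        # PRF in counter mode: one 256-bit output per counter value.
        out = hashlib.sha256(self.key + struct.pack(">Q", self.counter)).digest()
        self.counter += 1
        return out

    def rand_key(self, k: bytes) -> None:
        # Mix new key material in: digest the current key with the mangled
        # input.  (Assumed mixing rule for this example only.)
        self.key = hashlib.sha256(self.key + mangle_key(k)).digest()
        self.counter = 0

    def get(self, n: int) -> bytes:
        """Return n output bytes, then rekey from a block that is never emitted."""
        out = b""
        while len(out) < n:
            out += self._block()
        # Keep back one block (256 bits) as the next key so that the emitted
        # output does not reveal the state used to produce later output.
        self.key = self._block()
        self.counter = 0
        return out[:n]


if __name__ == "__main__":
    g = ToyGenerator(b"constructed seed")
    print(g.get(16).hex())
    g.rand_key(b"more entropy")
    print(g.get(16).hex())
```

Because the mangled key is always 32 bytes, callers can pass keys of any length to `rand_key` without changing the state layout, which is the compatibility point the message makes about the context structure; the kept-back block is consumed only as the next key, so it never appears in the byte stream handed to callers.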