From 89dffe6c7e2c54a639cf4a470687c3054b6c6617 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 7 Dec 2017 12:00:22 +0100 Subject: [PATCH] add comment to Fortuna docs (cherry picked from commit cccd1e305302cb28391765d2e5c2ddd21d41385c) --- doc/crypt.tex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index feab8e0..df0b848 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -3666,11 +3666,15 @@ key, and any hash that produces at least a 256--bit output. However, to make th it has been fixed to those choices. Fortuna is more secure than Yarrow in the sense that attackers who learn parts of the entropy being -added to the PRNG learn far less about the state than that of Yarrow. Without getting into to many +added to the PRNG learn far less about the state than that of Yarrow. Without getting into too many details Fortuna has the ability to recover from state determination attacks where the attacker starts to learn information from the PRNGs output about the internal state. Yarrow on the other hand, cannot recover from that problem until new entropy is added to the pool and put to use through the ready() function. +For detailed information on how the algorithm works and what you have to do to maintain the secure state +get a copy of the book\footnote{Niels Ferguson and Bruce Schneier, Practical Cryptography. ISBN 0-471-22357-3.} or +read the paper online\footnote{\url{https://www.schneier.com/academic/paperfiles/fortuna.pdf} [Accessed on 7th Dec. 2017]}. + \subsubsection{RC4} RC4 is an old stream cipher that can also double duty as a PRNG in a pinch. You key RC4 by
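Review bot: the added paragraph needs a comma and tighter wording. "For detailed information on how the algorithm works and what you have to do to maintain the secure state get a copy of the book" reads better as "For details on how the algorithm works and what you have to do to keep the generator in a secure state, get a copy of the book". Since the hunk already fixes "to many", the unchanged context lines next to it carry two more small slips worth fixing in the same commit: "information from the PRNGs output" should be "PRNG's output", and "Yarrow on the other hand, cannot recover" needs a comma before "on". The second footnote gives only a URL plus an access date; adding the paper's title and authors (the same Ferguson and Schneier named in the first footnote) keeps the reference usable if the URL moves.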