[16075] in Kerberos_V5_Development
Adding Fortuna as a new prng
daemon@ATHENA.MIT.EDU (Zhanna Tsitkova)
Wed Aug 18 20:30:06 2010
From: Zhanna Tsitkova <tsitkova@mit.edu>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Date: Wed, 18 Aug 2010 20:30:01 -0400
Message-ID: <8DD7AD829AB61E499A433D6E558110A3023E184C4A@EXPO7.exchange.mit.edu>
Hello,
Internally we have discussed adding Fortuna as an alternative PRNG to krb5 in the 1.9 timeframe. Generally Yarrow is considered a preferred algorithm for short-lived applications, while long-runners, such as the KDC, might take advantage of the Fortuna design, as it works faster after the initialization is completed.
There are a few questions for the community:
1. Code borrowing. At the moment we know about two open source implementations of Fortuna in C. One of them is from the libTomCrypt project and another one circulates under a "Copyright (c) Marko Kreen" license. The opinion was expressed that even though the libTomCrypt license does not have any restrictions, it is somewhat faceless, and consequently might be an issue for the lawyers. So, perhaps, Marko Kreen's implementation is a better bet.
2. Fortuna requires SHA256. At the moment SHA2 is not part of the Kerberos crypto-system. If Kerberos is built with OpenSSL or NSS cryptography, is it OK to use crypto primitives from these providers to implement Fortuna and not support the Fortuna PRNG for the library built with the built-in crypto backend?
3. Fortuna and Yarrow living together. Some use-cases indicate that the Kerberos library might show better performance if both PRNG implementations are available at run-time. (For example, some lightweight client shares libraries with the server: the former works faster with Yarrow, the latter - with Fortuna). So, Fortuna and Yarrow should co-exist and PRNG selection should be a configurable, and pluggable, feature. This is the plan for the future. As the first step in the Fortuna direction, however, we suggest taking an approach of one-PRNG-implementation-per-library.
Looking forward to your valuable comments and suggestions.
Thanks,
Zhanna
Zhanna Tsitkova
tsitkova@mit.edu