
[Otpasswd-talk] Seeding counter?


From: Tomasz bla Fortuna
Subject: [Otpasswd-talk] Seeding counter?
Date: Fri, 11 Dec 2009 01:14:50 +0100

Hello, ;-)

I found a reference to the Fortuna PRNG in the pack of mails you sent
me. It's kind of a neat thing to look at because it works almost exactly
like PPP: it generates random data using a block cipher. That's kind of
a good reason not to use SHA256 instead of AES (which was the reason
somebody mentioned the Fortuna PRNG).

Well, I found the following code/comment on the PostgreSQL mailing list:
http://www.mail-archive.com/address@hidden/msg12487.html

!  * Fortuna relies on AES standing known-plaintext attack.
!  * In case it does not, slow down the attacker by initialising
!  * the couter to random value.

So at least the PostgreSQL implementation of the Fortuna PRNG tries to
do something I'm trying to achieve with this salt.
In the case of Fortuna it's not even so important, because you don't get
counter information along with the random data generated. In the case of
PPP you do - the passcode location.

The question, previously stated by you, persists: whether it really is
worth doing.

I'm getting kind of convinced to implement a sequence_key selection
algorithm. I'd check not only for duplicate existence but also ensure its
randomness somehow (well, an all-0 key can be generated for sure but
might not be the best one to use). Still, this mustn't decrease its
natural randomness much... It must be done wisely or not at all.


I've split the project into a library, a PAM module and a utility.
Installation instructions are lacking for now. I plan to add some test
cases for the RNG and for passchar distribution (instead of bit
distribution, which will fail for non-2^X alphabets), install on my
machines, update the ebuild and publish as 0.4.

If you have r/w access to grc news you can post some short info about
this project there. ;-) I wonder if this support2009@ mail was ok. ;d

Cheers,
-- 
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be
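
The message contrasts a passchar distribution test with a bit distribution test for non-2^X alphabets. The following is an added example, not part of the original message and not otpasswd code: it computes both statistics over one stream of character indices. The function names, the 88-symbol alphabet size and the sample data are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Pearson chi-square statistic for character indices in [0, alphabet).
 * Compare the result against the chi-square critical value for
 * (alphabet - 1) degrees of freedom. Returns -1.0 on bad input. */
double passchar_chi_square(const unsigned char *idx, size_t n, unsigned alphabet)
{
    size_t count[256] = {0};
    if (n == 0 || alphabet == 0 || alphabet > 256)
        return -1.0;
    for (size_t i = 0; i < n; i++) {
        if (idx[i] >= alphabet)
            return -1.0;            /* index outside the alphabet */
        count[idx[i]]++;
    }
    double expected = (double)n / alphabet, chi = 0.0;
    for (unsigned c = 0; c < alphabet; c++) {
        double d = (double)count[c] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* Fraction of 1 bits when each index is stored in `bits` bits: the
 * bit-distribution view of the same data. */
double ones_fraction(const unsigned char *idx, size_t n, unsigned bits)
{
    size_t ones = 0;
    if (n == 0 || bits == 0 || bits > 8)
        return -1.0;
    for (size_t i = 0; i < n; i++)
        for (unsigned b = 0; b < bits; b++)
            ones += (idx[i] >> b) & 1u;
    return (double)ones / ((double)n * bits);
}

int main(void)
{
    /* Constructed sample: every character of an assumed 88-symbol
     * alphabet exactly ten times, i.e. a perfectly uniform stream. */
    unsigned char sample[880];
    for (size_t i = 0; i < sizeof sample; i++)
        sample[i] = (unsigned char)(i % 88);
    printf("chi-square:    %.2f\n", passchar_chi_square(sample, 880, 88));
    printf("ones fraction: %.4f\n", ones_fraction(sample, 880, 7));
    return 0;
}
```

On the perfectly uniform sample the per-character statistic is 0, while the 7-bit encoding shows only about 43.5% one bits, because the values 88 to 127 never occur; a bit-level test would reject a stream that is uniform over its alphabet.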
