
Fast-key-erasure random-number generators - fanf2
http://blog.cr.yp.to/20170723-random.html
======
djmdjm
The design djb talks about of pre-generating batches of random numbers,
deleting the cipher key and erasing the numbers as they are extracted is
exactly what OpenBSD has done since Markus Friedl switched arc4random() to use
ChaCha20 in 2013:

[https://github.com/openbsd/src/commit/90c1fad70a3483c2c72c3c...](https://github.com/openbsd/src/commit/90c1fad70a3483c2c72c3c90acf438a5f235c776)

The design was inspired by Nick Mathewson's libottery:
[https://github.com/nmathewson/libottery](https://github.com/nmathewson/libottery)

I think he misses the point in his criticism of getrandom() - that is intended
to be the interface by which the libc PRNG gets its seed; userspace programs
should just use the libc PRNG instead of going off to the kernel (i.e.
arc4random())

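The batch-then-erase design djmdjm describes above, written out as an added example; this is not OpenBSD's arc4random() code, nor libottery's. The stream cipher is an assumption: SHAKE-256 stands in for ChaCha20 so the block runs with the Python standard library alone, and the 1024-byte batch size is a constructed value (the real implementations use their own sizes). Each refill expands the current key into a new key plus a batch of output, overwrites the old key in place, and zeroes each output byte as it is handed out, so a later snapshot of the state reveals neither the key that made a batch nor the bytes already consumed.

```python
import hashlib

KEY_LEN = 32       # bytes of key kept between refills
BATCH_LEN = 1024   # bytes of output pre-generated per refill (constructed value)


class FastKeyErasureRNG:
    """Batch-generate output from the current key, then erase that key.

    Keystream generator is SHAKE-256 (an assumption made for a self-contained
    example); arc4random() uses ChaCha20 in the same role.
    """

    def __init__(self, seed: bytes):
        if len(seed) != KEY_LEN:
            raise ValueError("seed must be %d bytes" % KEY_LEN)
        self._key = bytearray(seed)   # mutable so it can be overwritten in place
        self._buf = bytearray()       # pre-generated output not yet handed out
        self._pos = 0                 # next unconsumed byte in _buf

    def _refill(self) -> None:
        # One pass of the keystream generator yields (next key || output batch).
        stream = hashlib.shake_256(bytes(self._key)).digest(KEY_LEN + BATCH_LEN)
        # Overwrite the key that produced this batch; it is never needed again.
        self._key[:] = stream[:KEY_LEN]
        self._buf = bytearray(stream[KEY_LEN:])
        self._pos = 0
        # The immutable temporary cannot be scrubbed in CPython; drop our reference.
        del stream

    def getbytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if self._pos >= len(self._buf):
                self._refill()
            take = min(n - len(out), len(self._buf) - self._pos)
            out += self._buf[self._pos:self._pos + take]
            # Zero the bytes just handed out so the state no longer contains them.
            self._buf[self._pos:self._pos + take] = bytes(take)
            self._pos += take
        return bytes(out)

    def remaining(self) -> int:
        """Bytes still available in the current batch before the next refill."""
        return len(self._buf) - self._pos

    def state_contains(self, needle: bytes) -> bool:
        """Check whether `needle` survives anywhere in the generator's state."""
        return needle in bytes(self._key) or needle in bytes(self._buf)


if __name__ == "__main__":
    seed = bytes(range(KEY_LEN))          # constructed, fixed seed for the demo
    rng = FastKeyErasureRNG(seed)
    first = rng.getbytes(16)
    print("output:", first.hex())
    print("seed still in state:", rng.state_contains(seed))
    print("output still in state:", rng.state_contains(first))
```

With a real seed from the kernel (the role djmdjm assigns to getrandom()) the generator is seeded once and then serves all userspace requests; the `state_contains` helper only exists to make the erasure property checkable.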
~~~
jfindley
He acknowledges this: "This RNG construction certainly isn't new but I don't
recall ever hearing a good name for it ..."

However, many other kernels don't do this, and I think this article is written
to convince non-OpenBSD people to consider this. It's also a "further details
of supercop" article, but I'm mostly reading this as a continuation of djb's
long-standing criticism of the Linux PRNG (he's unhappy that it uses Intel's
RDRAND for example).

------
thankyoumuchly
The domain name shown is not complete. The well-known domain is cr.yp.to. This
is just as bad as only displaying "gov.tld".

~~~
jedisct1
The domain _is_ yp.to

DNS is hard.

~~~
eridius
In this particular case, yp.to has no A record. HN could in theory be smart
enough to show the shortest domain suffix that has an A record. Though I don't
know if that would actually help any domain other than cr.yp.to.