README
¶
Fortuna cryptographic random number generator implementation in Go
Fortuna implements the fortuna cryptographic random number generator as designed by Bruce Schneier and Niels Ferguson and described in Cryptography Engineering, N. Ferguson, B. Schneier, T. Kohno, ISBN 978-0-470-47424-2. It was implemented by Marc-Antoine Ruel.
Fortuna is best used in a long living server like a web server, where a lot of unpredictable events occurs and can be used to seed the accumulator. The implementation uses SHA-256 and AES-256 as the primitives.
This package includes all the necessary implementation and a python generator implementation for testing purposes.
References
All the pages (p.) references are to Cryptography Engineering, N. Ferguson, B. Schneier, T. Kohno, ISBN 978-0-470-47424-2.
Chapter 9 of Cryptography Engineering is freely available at https://www.schneier.com/fortuna.pdf.
Documentation
¶
Overview ¶
Package fortuna implements the fortuna random number generator as designed by Bruce Schneier and Niels Ferguson and described in Cryptography Engineering, N. Ferguson, B. Schneier, T. Kohno, ISBN 978-0-470-47424-2.
Fortuna is best used in a long living server like a http server, where a lot of unpredictable events occurs and can be used to seed the accumulator. Uses SHA-256 and AES-256 as the primitives.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DoubleHash ¶
DoubleHash runs SHAd-X as defined in p. 86, Definition 7. It firsts reset h's internal state, then write 0^b to it, then write all the input data. It pass the resulting hash back into it and return this digest.
func NewGenerator ¶
func NewGenerator(h hash.Hash, seed []byte) io.ReadWriter
NewGenerator returns an AES based cryptographic pseudo-random generator (PRNG) as described in p. 143.
A generator generates arbitrary amounts of pseudorandom data from a smaller amount of seed data by running AES-256 in counter mode and re-keying after every maxBytesPerRequest of output.
h is optional and defaults to SHA-256. This results in 128 bits of security.
Reseeding is done via .Write() function.
seed is optional. If seed is not provided, Write() must be called before calling Read(). The seed will deterministically determine the PRNG output. The resulting PRNG is guaranteed to not leak its internal state after each Read() call.
The resulting object is thread-safe.
Types ¶
type Fortuna ¶
type Fortuna interface {
io.Reader
// AddRandomEvent adds random data (entropy) from the given source. data
// should be in general 32 bytes or less. It is not useful to add more than
// 32 bytes of entropy at a time. If the data is more than 32 bytes, it will
// hashed first.
AddRandomEvent(source byte, data []byte)
}
Fortuna implements a cryptographic random number generator. It is used as an randomness entropy pool. Randomness can be read from and entropy can be added via AddRandomEvent().
func NewFortuna ¶
NewFortuna returns a new Fortuna instance seeded using seed. It is up to the caller to ensure that enough entropy is added to it. The io.Reader interface is to be used to read random data.
The resulting object is thread safe.
Source Files