logo_kerberos.gif

Projects/Alternative PRNG

From K5Wiki
< Projects
Revision as of 16:39, 18 December 2009 by TomYu (talk | contribs) (Alternative PRNG moved to Projects/Alternative PRNG: move to Projects)

Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.



Current Kerberos implementation uses Yarrow-160 as a native PRNG. The goal of this project is to simplify the process of adoption of the alternative pseudorandom number generators such as HW accelerators, OS or any other cryptographically secure PRN generators that better suit the particular environment (depending on the type of hardware, system,configuration) and requirements (optimization, FIPS certification etc).


Functional Requirements

  • Define PRNG implementation during configuration process
  • Implement Fortuna PRNG


Design

Milestones

  1. Define the place of PRNG module inside crypto library structure. Adjust build system accordingly.
  2. Evaluate the existing implementations of Fortuna PRNG. Adapt the appropriate code or implement Fortuna PRNG based on the design doc. This will require SHA2 addition.
  3. Document basic instructions how to implement and plug in a new PRNG.