Upgrade random_setup_special to use SHA-3.

The idea of the especially large RNG that we use in key generation is that it should have as much actual entropy as possible. The reason I based it on SHA-512 previously was that that was the hash function in our collection with the largest output. But that's no longer true! Among the SHA-3 family that I added for Ed448 purposes, we have a ready-made variant of SHAKE-256 that outputs a whopping 114 bytes of hash. I see no reason not to upgrade to that from SHA-512's 64 bytes. (I could probably extend it even further by manually making another SHA-3 variant specially for the purpose, but I don't know that it would be worth it. This is a one-line change which I think is already a positive step.)
2025-01-09 17:38:00 +00:00 · 2020-12-27 08:30:51 +00:00 · 2020-12-27 08:30:51 +00:00 · 1bcab77eb1
commit 1bcab77eb1
parent 79de16732a
1 changed files with 4 additions and 4 deletions
--- a/putty.h
+++ b/putty.h
@ -1822,10 +1822,10 @@ void random_clear(void);
 * generator specially, with a hash function of your choice. */
 void random_setup_custom(const ssh_hashalg *hash);
 /* random_setup_special() is a macro wrapper on that, which makes an
- * extra-big one based on SHA-512. It's defined this way to avoid what
- * would otherwise be an unnecessary module dependency from sshrand.c
- * to sshsh512.c. */
-#define random_setup_special() random_setup_custom(&ssh_sha512)
+ * extra-big one based on the largest hash function we have. It's
+ * defined this way to avoid what would otherwise be an unnecessary
+ * module dependency from sshrand.c to a hash function implementation. */
+#define random_setup_special() random_setup_custom(&ssh_shake256_114bytes)
 /* Manually drop a random seed into the random number generator, e.g.
 * just before generating a key. */
 void random_reseed(ptrlen seed);