mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Upgrade random_setup_special to use SHA-3.

The idea of the especially large RNG that we use in key generation is
that it should have as much actual entropy as possible. The reason I
based it on SHA-512 previously was that that was the hash function in
our collection with the largest output. But that's no longer true!
Among the SHA-3 family that I added for Ed448 purposes, we have a
ready-made variant of SHAKE-256 that outputs a whopping 114 bytes of
hash. I see no reason not to upgrade to that from SHA-512's 64 bytes.

(I could probably extend it even further by manually making another
SHA-3 variant specially for the purpose, but I don't know that it
would be worth it. This is a one-line change which I think is already
a positive step.)
Simon Tatham 2020-12-27 08:30:51 +00:00
parent 79de16732a
commit 1bcab77eb1


@ -1822,10 +1822,10 @@ void random_clear(void);
* generator specially, with a hash function of your choice. */
void random_setup_custom(const ssh_hashalg *hash);
/* random_setup_special() is a macro wrapper on that, which makes an
* extra-big one based on SHA-512. It's defined this way to avoid what
* would otherwise be an unnecessary module dependency from sshrand.c
* to sshsh512.c. */
#define random_setup_special() random_setup_custom(&ssh_sha512)
* extra-big one based on the largest hash function we have. It's
* defined this way to avoid what would otherwise be an unnecessary
* module dependency from sshrand.c to a hash function implementation. */
#define random_setup_special() random_setup_custom(&ssh_shake256_114bytes)
/* Manually drop a random seed into the random number generator, e.g.
* just before generating a key. */
void random_reseed(ptrlen seed);
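Review bot: the rewritten comment above `random_setup_special()` replaces a concrete statement ("based on SHA-512") with "the largest hash function we have", which says nothing about which function or what size that is and will silently go stale once a larger one is added, while the commit message is explicit that the point of the change is the 114-byte SHAKE-256 output versus SHA-512's 64 bytes. Suggest keeping that detail in the comment so a future maintainer knows what "extra-big" means and why the output length was the selection criterion, e.g. `* extra-big one, currently using the SHAKE-256 variant with 114-byte` / `* output (the largest hash output we have, which is what makes the` / `* generator hold as much entropy as possible).`, followed by the existing sentence about avoiding the module dependency.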