aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual/rng.rst
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-07-31 15:12:39 -0400
committerJack Lloyd <[email protected]>2017-07-31 16:45:30 -0400
commite22c52e46f1c8b27e4fad7cb8e87ca62a2a1cb3d (patch)
tree7b4b55e573a6b7c84304844fd23689ac487f2e41 /doc/manual/rng.rst
parentce2deaef167fbd2073959488880b932efaf024d9 (diff)
Add ChaCha_RNG
Diffstat (limited to 'doc/manual/rng.rst')
-rw-r--r--doc/manual/rng.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst
index 7d586e743..592f319fa 100644
--- a/doc/manual/rng.rst
+++ b/doc/manual/rng.rst
@@ -78,6 +78,19 @@ initial seed is generated either by the system PRNG (if available) or
a default set of entropy sources. These are also used for periodic
reseeding of the RNG state.
+ChaCha_RNG
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is a very fast userspace PRNG based on ChaCha20 and HMAC(SHA-256). The key
+for ChaCha is derived by hashing entropy inputs with HMAC. Then the ChaCha
+keystream generator is run, first to generate the new HMAC key (used for any
+future entropy additions), then the desired RNG outputs.
+
+This RNG composes two primitives thought to be secure (ChaCha and HMAC) in a
+simple and well studied way (the extract-then-expand paradigm), but is still an
+ad-hoc and non-standard construction. It is included because it is roughly 20x
+faster then HMAC_DRBG, and certain applications need access to a very fast RNG.
+
TPM_RNG
^^^^^^^^^^^^^^^^^