Re: [Cryptography] /dev/random is not robust
Theodore Ts'o <tytso <at> mit.edu> writes: <snip>
> I'll tell you right away that both Fortuna and Yarrow, which use crypto hashing in the entropy mixing step, are going to be a non-starter from a performance point of view. <snip>
One thing I wonder is if entropy collection could be separated from pool mixing - if entropy collection went to a ring buffer or some other fast data structure; on excess entropy we could potentially let it drop some or XOR new samples over the old ones that would be 'dropped'. Due to the round-robin nature of Fortuna's pool mixing, it could be parallelized, possibly allowing high-throughput implementations of mixing and low-latency implementations of submission. That could also help prevent dropped entropy.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
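Added example (not code from the post, the list, or the Linux kernel): a sketch of the split described above. The collector side pushes raw samples into a fixed-size ring buffer with no hashing at all; when the ring is full, a new sample is XORed over the oldest unconsumed slot rather than discarded. The mixer side drains the ring and hands samples round-robin to N pools, so each pool's input stream is independent of the others and could be mixed on its own thread. Names (ring_submit, ring_drain, mix64), the slot and pool counts, and the 64-bit mix function are all assumptions made for the example; mix64 is a placeholder, not the SHA-256 that Fortuna specifies, and a real implementation would also need locking or a lock-free design between the producer and the consumer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RING_SLOTS 8   /* deliberately small so overflow is easy to exercise */
#define NUM_POOLS  4   /* Fortuna uses 32 pools; 4 keeps the example short */

/* Single-producer, single-consumer ring of raw 32-bit samples (assumed layout). */
struct ring {
    uint32_t slot[RING_SLOTS];
    size_t head;    /* next slot to write */
    size_t tail;    /* oldest unconsumed slot */
    size_t count;   /* samples waiting to be mixed */
    size_t folded;  /* samples XORed over old ones instead of being dropped */
};

struct pool {
    uint64_t state;   /* accumulated mix of everything fed to this pool */
    size_t samples;   /* how many samples this pool has absorbed */
};

/* Collector side (e.g. an interrupt path): constant time, no hashing. */
void ring_submit(struct ring *r, uint32_t sample)
{
    if (r->count == RING_SLOTS) {
        /* Ring is full: fold the new sample into the oldest waiting one
         * so its bits still reach the mixer instead of being lost. */
        r->slot[r->tail] ^= sample;
        r->folded++;
        return;
    }
    r->slot[r->head] = sample;
    r->head = (r->head + 1) % RING_SLOTS;
    r->count++;
}

/* Placeholder mixing step: a 64-bit multiply/xorshift finalizer.
 * NOT a cryptographic hash; Fortuna would use SHA-256 here. */
static uint64_t mix64(uint64_t state, uint32_t sample)
{
    uint64_t x = state ^ ((uint64_t)sample * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return x;
}

/* Mixer side: drain the ring, distributing samples round-robin across pools.
 * Sample k always lands in pool (start + k) % NUM_POOLS, so each pool could
 * be hashed by an independent worker. Returns the number of samples mixed. */
size_t ring_drain(struct ring *r, struct pool pools[NUM_POOLS], size_t *next_pool)
{
    size_t drained = 0;
    while (r->count > 0) {
        uint32_t s = r->slot[r->tail];
        r->tail = (r->tail + 1) % RING_SLOTS;
        r->count--;

        struct pool *p = &pools[*next_pool];
        p->state = mix64(p->state, s);
        p->samples++;
        *next_pool = (*next_pool + 1) % NUM_POOLS;
        drained++;
    }
    return drained;
}

int main(void)
{
    struct ring r;
    struct pool pools[NUM_POOLS];
    size_t next_pool = 0;
    memset(&r, 0, sizeof r);
    memset(pools, 0, sizeof pools);

    /* Constructed input: 10 samples into an 8-slot ring, so 2 get folded. */
    for (uint32_t i = 1; i <= 10; i++)
        ring_submit(&r, i * 0x01010101u);
    printf("waiting=%zu folded=%zu\n", r.count, r.folded);

    size_t mixed = ring_drain(&r, pools, &next_pool);
    printf("mixed=%zu\n", mixed);
    for (size_t i = 0; i < NUM_POOLS; i++)
        printf("pool %zu: %zu samples, state=%016llx\n",
               i, pools[i].samples, (unsigned long long)pools[i].state);
    return 0;
}
```

The point of the XOR fold is that an overflowing sample still influences what the mixer eventually sees, whereas plain dropping throws its bits away; the cost is that an attacker who can flood the collector can also choose what gets folded into which slot, which is why the mixing step itself must still be a real cryptographic hash.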
Participants (1): Alex Elsayed