Yarrow algorithm
===Pros===
*Yarrow reuses existing building blocks.
*Compared to previous PRNGs, Yarrow is reasonably efficient.
*Yarrow can be used by programmers with no cryptography background in a reasonably secure way. Yarrow is portable and precisely defined, and its interface is simple and clear. These features somewhat decrease the chance of implementation errors.
*Yarrow was created using an attack-oriented design process.
*The [[entropy estimation]] of Yarrow is very conservative, which helps prevent [[Brute force attack|exhaustive search attacks]]. It is very common for PRNGs to fail in real-world applications because of entropy overestimation and guessable starting points.
*The reseeding process of Yarrow is relatively computationally expensive, so the cost of attempting to guess the PRNG's key is higher.
*Yarrow provides functions to simplify the management of seed files, so the files are constantly updated.
*To withstand [[cryptanalysis|cryptanalytic]] attacks, Yarrow is designed around a secure block cipher. The [[level of security]] of the generation mechanism depends on that block cipher.
*Yarrow tries to avoid data-dependent execution paths. This is done to prevent [[side-channel attacks]] such as [[timing attacks]] and [[power analysis]]. This is an improvement over earlier PRNGs, for example the RSAREF 2.0 PRNG, which fall apart completely once information about their internal operation is no longer secret.
*Yarrow uses cryptographic hash functions to process input samples, and then uses a secure update function to combine the samples with the existing key. This ensures that an attacker cannot easily manipulate the input samples. PRNGs such as the RSAREF 2.0 PRNG cannot resist this kind of chosen-input attack.
*Unlike the ANSI X9.17 PRNG, Yarrow has the ability to recover from a key compromise. This means that even when the key is compromised, the attacker will not be able to predict future outputs forever. This is due to the reseeding mechanism of Yarrow.<ref name="report1999"/>{{rp|5}}
*Yarrow keeps the entropy sample pool separate from the key, and only reseeds the key when the entropy pool content is completely unpredictable. {{anchor|Iterative guessing attack}}This design prevents iterative guessing attacks, in which an attacker who knows the key guesses the next sample and checks the guess by observing the next output.
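As an added illustration of the last three points (hash-processed samples, a pool kept apart from the key, and a deliberately expensive reseed that only happens once the conservative entropy estimate reaches a threshold), here is a simplified Yarrow-style generator. It is not code from the Yarrow specification: SHA-256 and HMAC stand in for Yarrow's hash and block cipher, and the 128-bit threshold and iteration count are assumed placeholders, not Yarrow-160's parameters.

```python
import hashlib
import hmac
import struct


class ToyYarrowStyleRNG:
    """Simplified Yarrow-like structure (assumed stand-in primitives, not Yarrow-160)."""

    def __init__(self, reseed_threshold_bits=128, reseed_iterations=1000):
        self.threshold = reseed_threshold_bits   # conservative reseed gate
        self.iterations = reseed_iterations      # makes each reseed costly to recompute
        self.pool = hashlib.sha256()             # entropy accumulator, separate from the key
        self.entropy_bits = 0                    # conservative estimate of pool entropy
        self.key = b"\x00" * 32                  # output key; unusable until first reseed
        self.counter = 0
        self.reseeds = 0

    def add_sample(self, sample: bytes, est_bits: int) -> None:
        # Samples are hashed into the pool; the key is untouched until the threshold is met,
        # so an attacker holding the key cannot check sample guesses against the output.
        self.pool.update(sample)
        self.entropy_bits += est_bits
        if self.entropy_bits >= self.threshold:
            self._reseed()

    def _reseed(self) -> None:
        # Fold the pool digest into the existing key via a keyed update function. The
        # iterated hashing raises the cost of every attempt to guess the new key.
        v = self.pool.digest()
        for _ in range(self.iterations):
            v = hashlib.sha256(v).digest()
        self.key = hmac.new(self.key, v, hashlib.sha256).digest()
        self.pool = hashlib.sha256()             # start a fresh, empty pool
        self.entropy_bits = 0
        self.counter = 0
        self.reseeds += 1

    def generate(self, n: int) -> bytes:
        # Output is a keyed PRF over a counter, so it depends only on the current key.
        if self.reseeds == 0:
            raise RuntimeError("generator has not been seeded yet")
        out = b""
        while len(out) < n:
            out += hmac.new(self.key, struct.pack(">Q", self.counter), hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


if __name__ == "__main__":
    rng = ToyYarrowStyleRNG(reseed_threshold_bits=64, reseed_iterations=10)
    rng.add_sample(b"constructed sample A", 32)   # below threshold: key unchanged
    rng.add_sample(b"constructed sample B", 32)   # threshold reached: reseed
    print(rng.generate(16).hex())
```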