The microblog: 2022.02.24 16:55:28

2022.02.24 16:55:28 (1496876437768343552) from Daniel J. Bernstein:

Happy to see the Linux RNG getting faster and, more importantly, easier for security reviewers. But let me emphasize that my blog post says "this RNG construction certainly isn't new"; e.g., mapping b-bit key to b-bit output + b-bit rekey is in the cited 2005 Barak–Halevi paper.