Always hash crypto_strongest_rand() along with some prng

(before using it for anything besides feeding the PRNG) Part of #17694
author: Nick Mathewson <nickm@torproject.org> 2015-12-08 10:54:42 -0500
committer: Nick Mathewson <nickm@torproject.org> 2015-12-08 10:54:42 -0500
commit: 2259de0de726f3f617b2451d64f72f0d4d6bc0ae (patch)
tree: 6aeca7dc70a1231f8fd413d9572adbdf0a5c228f /changes
parent: 943369f927967268cacd2067ccae0bc5f1c5835e (diff)
download: tor-2259de0de726f3f617b2451d64f72f0d4d6bc0ae.tar.gz
tor-2259de0de726f3f617b2451d64f72f0d4d6bc0ae.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/bug17694_strongest b/changes/bug17694_strongest
new file mode 100644
index 0000000000..0a8954a25e
--- /dev/null
+++ b/changes/bug17694_strongest
@@ -0,0 +1,6 @@
+  o Minor features (security):
+    - Never use the system entropy output directly for anything besides
+      seeding the PRNG.  When we want to generate important keys, instead
+      of using system entropy directly, hash it with the PRNG stream.
+      This may help resist certain attacks based on broken OS entropy
+      implementations. Closes part of ticket 17694.
+\ No newline at end of file
author	Nick Mathewson <nickm@torproject.org>	2015-12-08 10:54:42 -0500
committer	Nick Mathewson <nickm@torproject.org>	2015-12-08 10:54:42 -0500
commit	2259de0de726f3f617b2451d64f72f0d4d6bc0ae (patch)
tree	6aeca7dc70a1231f8fd413d9572adbdf0a5c228f /changes
parent	943369f927967268cacd2067ccae0bc5f1c5835e (diff)
download	tor-2259de0de726f3f617b2451d64f72f0d4d6bc0ae.tar.gz tor-2259de0de726f3f617b2451d64f72f0d4d6bc0ae.zip