Talk:Fortuna (PRNG)

Repeated blocks
I don't understand the flaw about repeated blocks created in counter mode. (Well sure, there will be repeated blocks after 2^128 blocks, but that's a silly huge number.) 18.209.1.147 08:26, 29 December 2006 (UTC)

That's because it's wrong. The original version of the article said "repeated blocks would never be generated" or something along those lines; someone changed it to "would be generated", I fixed it, and later on someone broke it again. I'm about to clarify that bit of the article in the hope of making it less likely that well-intentioned people will break it. Gareth McCaughan 17:37, 29 December 2006 (UTC)

Size of entropy pools
How big is each entropy pool? Cmcqueen1975 (talk) 03:47, 8 December 2010 (UTC)


 * Unbounded; usually implemented with some sort of cryptographic hash. The FS&K Chapter suggests SHA_d-256, although I don't know of any reason plain SHA-256 or any SHA-3 finalist (in 256-bit or greater mode) would not suffice. KMeyer (talk) 00:27, 24 May 2019 (UTC)

What about the Pseudo part?
Can someone please clarify what needs to be controlled in order for this algorithm to produce a repeatable random sequence? Do you have to feed the pools with the same data on each run? 199.34.4.20 (talk) 22:14, 4 October 2016 (UTC)


 * You have to control the "entropy" sources and timing, and the timing/size of reads, from some known starting state (current key, counter and pools value(s)). Fortuna will reseed from the pools every 100 ms, if pool 0 has gathered sufficient bytes of entropy input over that interval, on demand (if a read is made).  It will also rekey (key erasure / forward secrecy) on every read operation, or every 1MB for large read operations.  If those are all controlled, the same output is produced.  KMeyer (talk) 00:34, 24 May 2019 (UTC)
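
Added example, not part of the discussion above and not code from any Fortuna implementation: a sketch of the generator layer only (key and counter, with the pools and the 100 ms reseed timer left out) showing that identical seeds and identical read sizes reproduce the output, while splitting the same total into different reads does not, because of the rekey after every read. Assumptions: `Generator`, `replay` and `SEEDS` are hypothetical names, and HMAC-SHA256 truncated to 16 bytes stands in for the AES block encryption of the counter.

```python
import hashlib
import hmac

BLOCK = 16  # output block size in bytes (128-bit block cipher)

def sha_d_256(data: bytes) -> bytes:
    """SHA_d-256: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

class Generator:
    """Generator layer only: key + counter, no pools, no reseed timer."""

    def __init__(self) -> None:
        self.key = bytes(32)
        self.counter = 0  # 0 means "never seeded"

    def reseed(self, seed: bytes) -> None:
        self.key = sha_d_256(self.key + seed)
        self.counter += 1

    def _blocks(self, n: int) -> bytes:
        out = b""
        for _ in range(n):
            ctr = self.counter.to_bytes(BLOCK, "little")
            # Assumption: HMAC-SHA256 truncated to one block stands in for
            # AES-256 encryption of the counter (no AES in the stdlib).
            out += hmac.new(self.key, ctr, hashlib.sha256).digest()[:BLOCK]
            self.counter += 1
        return out

    def read(self, nbytes: int) -> bytes:
        if self.counter == 0:
            raise RuntimeError("generator has not been seeded")
        data = self._blocks(-(-nbytes // BLOCK))[:nbytes]
        self.key = self._blocks(2)  # rekey (key erasure) after every read
        return data

def replay(seeds, read_sizes) -> bytes:
    """Run a fresh generator over constructed seeds and a read schedule."""
    gen = Generator()
    for seed in seeds:
        gen.reseed(seed)
    return b"".join(gen.read(n) for n in read_sizes)

SEEDS = [b"constructed seed 1", b"constructed seed 2"]  # sample input
```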