FORTUNA Design
There are 4 main components to my implementation of Fortuna:
- sources and the source manager
- entropy pools and the entropy manager
- seedfile for persisting the state of the PRNG
- generator
Here is a UML diagram for this implementation of Fortuna.
Each source object and each entropy pool executes on its own thread. The data from each source event is spread among all of the pools in a round-robin fashion. With 32 entropy pools and around 40 source pools, the order in which source data is mixed into the pools is subject to the Windows thread scheduler. This makes it difficult for an attacker to know which entropy pool a given byte of source data ends up in.
Each source object contains an array of pointers to each entropy pool. In Practical Cryptography the authors recommend that each event generator pass the pool number to the accumulator (which in my design I believe would be equivalent to the source manager). See pages 171 and 172 for their comments. My solution to this was to remove a single point of attack when passing data from the entropy sources to the entropy pools. By giving each source a pointer to each of the 32 entropy pools, the thread scheduler determines which entropy source (thread) gets access to a pool when multiple sources attempt to access the same pool at the same time. Each pool contains a mutex to protect the pool data.
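The source-to-pool distribution described above, as an added Python example that is not the author's code: each source holds a reference to all 32 pools and feeds its events to them round-robin, each pool is a running SHA-256 hash guarded by a mutex, and sources run on their own threads (Python threads stand in for the Windows threads of the real design). Event encoding as source number || length || data follows the Fortuna specification; class names, `run_sources` and the sample event bytes are assumptions of this example.

```python
import hashlib
import threading

NUM_POOLS = 32  # Fortuna's fixed pool count, as in the design above

class EntropyPool:
    """One Fortuna entropy pool: a running SHA-256 hash protected by a mutex."""
    def __init__(self, index):
        self.index = index
        self._hash = hashlib.sha256()
        self._lock = threading.Lock()
        self.event_count = 0

    def add_event(self, source_id, data):
        # Fortuna frames each event as source number || length || data so that
        # event boundaries cannot be forged by an attacker controlling one source.
        if not 1 <= len(data) <= 32:
            raise ValueError("event data must be 1..32 bytes")
        with self._lock:
            self._hash.update(bytes([source_id, len(data)]) + data)
            self.event_count += 1

    def digest(self):
        with self._lock:
            return self._hash.copy().digest()

class Source:
    """An entropy source with a pointer to every pool; events go round-robin."""
    def __init__(self, source_id, pools):
        self.source_id = source_id
        self.pools = pools
        self._next = 0
        self._lock = threading.Lock()  # guards the round-robin cursor

    def emit(self, data):
        with self._lock:
            pool = self.pools[self._next]
            self._next = (self._next + 1) % len(self.pools)
        pool.add_event(self.source_id, data)  # pool mutex taken inside
        return pool.index

def run_sources(num_sources, events_per_source):
    """Run several sources concurrently and return the pools they fed."""
    pools = [EntropyPool(i) for i in range(NUM_POOLS)]
    sources = [Source(s, pools) for s in range(num_sources)]
    def worker(src):
        for n in range(events_per_source):
            src.emit(bytes([n & 0xFF, src.source_id]))  # constructed sample data
    threads = [threading.Thread(target=worker, args=(s,)) for s in sources]
    for t in threads: t.start()
    for t in threads: t.join()
    return pools
```

With 4 sources each emitting 64 events, every pool ends up with exactly 8 events, while the interleaving of the hash updates inside each pool depends on the scheduler.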