[145776] in cryptography@c2.net mail archive


Re: questions about RNGs and FIPS 140

daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Sun Aug 29 09:35:56 2010

Date: Sat, 28 Aug 2010 23:10:34 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: josh-lists@untruth.org, cryptography@metzdowd.com, leichter@lrw.com,
	Nicolas.Williams@oracle.com,
	travis+ml-cryptography@subspacefield.org
In-Reply-To: <E1OpFPi-0007N2-CU@wintermute02.cs.auckland.ac.nz>

On Sat, Aug 28, 2010 at 07:01:18PM +1200, Peter Gutmann wrote:
> 
> Yup, and if you look at some of the generators you'll see things like the use
> of a date-and-time vector DT in the X9.17/X9.30 generator, which was the
> specific example I gave earlier of sneaking in seeding via the date-and-time.
> Unfortunately one lab caught that and required that the DT vector really be a
> date and time, specifically the 64-bit big-endian output of time(), the
> Security 101 counterexample for how to seed an RNG.

That doesn't make any sense.  DT in that generator is really meant to
serve the role of a counter, and, in fact, the test harness for that
generator *requires* it to be a counter.

The seed for that generator is K.

Thor
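The roles of K, V and DT that this exchange turns on are easiest to see in the generator itself. Below is an added example (not code from this thread or from any FIPS-validated module) of the ANSI X9.31 Appendix A.2.4 form of the generator with AES-128 as the block cipher E_K; the original X9.17 form uses Triple DES on 64-bit blocks but has the same three-step structure. The key K and the seed vector V are the secret state; DT is a per-block input that the code treats as a plain counter, as the test harness does. The key, seed vector and type names are constructed for the demonstration and are not values from any standard or test vector.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// X931 models the ANSI X9.31 Appendix A.2.4 generator with AES-128 as E_K
// (the original X9.17 form used Triple DES on 64-bit blocks). The secret
// state is K (the cipher key) and V (the seed vector); DT is the
// "date/time" vector, which this model treats as a plain counter, as the
// CAVP test harness does. Type and function names are constructed here.
type X931 struct {
	block cipher.Block
	v     [16]byte // V: secret seed vector, replaced every step
	dt    [16]byte // DT: public per-block counter input
}

// NewX931 builds a generator from an AES key K, a 16-byte V and a 16-byte
// initial DT. In real use K and V must come from a true entropy source;
// DT carries no entropy and is not a substitute for seeding.
func NewX931(key, seedV, dt []byte) (*X931, error) {
	if len(seedV) != aes.BlockSize || len(dt) != aes.BlockSize {
		return nil, errors.New("V and DT must each be one AES block (16 bytes)")
	}
	b, err := aes.NewCipher(key) // errors unless key is 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	g := &X931{block: b}
	copy(g.v[:], seedV)
	copy(g.dt[:], dt)
	return g, nil
}

// CounterDT lays a 64-bit big-endian counter into the low 8 bytes of a
// 16-byte DT block.
func CounterDT(start uint64) []byte {
	dt := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(dt[8:], start)
	return dt
}

func xor16(a, b [16]byte) (out [16]byte) {
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// NextBlock runs one generator step:
//   I  = E_K(DT)
//   R  = E_K(I xor V)   <- the 16 output bytes
//   V' = E_K(R xor I)   <- the new secret state
// and then advances DT by one as a 128-bit big-endian counter.
func (g *X931) NextBlock() [16]byte {
	var i, r, vNext [16]byte
	g.block.Encrypt(i[:], g.dt[:])
	t := xor16(i, g.v)
	g.block.Encrypt(r[:], t[:])
	t = xor16(r, i)
	g.block.Encrypt(vNext[:], t[:])
	g.v = vNext
	incrementCounter(&g.dt)
	return r
}

func incrementCounter(c *[16]byte) {
	for idx := 15; idx >= 0; idx-- {
		c[idx]++
		if c[idx] != 0 {
			return
		}
	}
}

// Bytes returns n output bytes, discarding any unused tail of the last block.
func (g *X931) Bytes(n int) []byte {
	out := make([]byte, 0, n+aes.BlockSize)
	for len(out) < n {
		r := g.NextBlock()
		out = append(out, r[:]...)
	}
	return out[:n]
}

// DT exposes the current counter so a caller can check that it advanced.
func (g *X931) DT() [16]byte { return g.dt }

func main() {
	// Constructed, non-secret demo values; never hard-code K or V in practice.
	key := []byte("0123456789abcdef")
	seedV := []byte("fedcba9876543210")
	g, err := NewX931(key, seedV, CounterDT(0))
	if err != nil {
		panic(err)
	}
	for n := 0; n < 3; n++ {
		dt := g.DT()
		r := g.NextBlock()
		fmt.Printf("DT=%x  R=%s\n", dt, hex.EncodeToString(r[:]))
	}
}
```

Two instances with the same K, V and DT produce the same stream, which is what makes DT usable as a counter in a known-answer harness; the unpredictability of the output rests entirely on K and V being secret and properly seeded, and a DT built from the clock adds nothing that an attacker cannot guess.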

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
