[openssl-dev] OpenSSL DRBG in FIPS mode confusion.
bhat.jayalakshmi at gmail.com
Wed Mar 15 09:50:15 UTC 2017
OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have a
question associated with this.
1. OpenSSL wiki says: Default DRBG is 256-bit CTR AES *using a derivation
2. Whereas the document
mentions "no derivation function" in one place and in another sections
*Section 4 Modes of Operation and Cryptographic Functionality*
Random Number Generation; Symmetric key generation
[SP 800-90] DRBG
Prediction resistance supported for all variations
HMAC DRBG, no reseed
CTR DRBG (AES), no derivation function
*Section 6 Self-test*
DRBG KAT CTR_DRBG: AES, 256 bit with and without derivation function
Please can anyone let me know what the default behavior is? Is there any
way to toggle between using and not using the derivation function?