[openssl-project] Entropy seeding the DRBG

Salz, Rich rsalz at akamai.com
Wed Apr 4 00:59:05 UTC 2018

If you say that AES256 needs CSPRNG seeding with 256 bits, then why doesn't RSA 2048 keygen need seed to be seeded with 2048 bits?  I am not a cryptographer, but I do not agree with this argument
    algorithms with a security level of 256 bit in TLS (like AES-256-CTR),
    so it is necessary that the random generator provides this level of

But if it is true, an AES128-CTR DRBG is still sufficient for generating keys.  For the same reason that it is sufficient for generating Ed4418 or RSA2048 keys.

>    The use of the nonce is mandated by section of Nist SP 800-90Ar1:
We are not going for FIPS validation here.  This might be a nice to have, but it is *NOT* a requirement for this release.  Especially if it puts the seeding requirement beyond the reach of some of our supported platforms.

More information about the openssl-project mailing list