[openssl-project] Entropy seeding the DRBG
Salz, Rich
rsalz at akamai.com
Wed Apr 4 00:59:05 UTC 2018
If you say that AES256 needs CSPRNG seeding with 256 bits, then why doesn't RSA 2048 keygen need to be seeded with 2048 bits? I am not a cryptographer, but I do not agree with this argument
> algorithms with a security level of 256 bit in TLS (like AES-256-CTR),
> so it is necessary that the random generator provides this level of
> security.
But if it is true, an AES128-CTR DRBG is still sufficient for generating keys. For the same reason that it is sufficient for generating Ed448 or RSA2048 keys.
> The use of the nonce is mandated by section 10.2.1.3.2 of NIST SP 800-90Ar1:
We are not going for FIPS validation here. This might be a nice to have, but it is *NOT* a requirement for this release. Especially if it puts the seeding requirement beyond the reach of some of our supported platforms.