[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)
Richard Levitte
levitte at openssl.org
Sun Apr 8 17:15:16 UTC 2018
Kurt Roeckx <kurt at roeckx.be> wrote: (8 April 2018 17:36:27 CEST)
>On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt Roeckx wrote:
>> On Sat, Apr 07, 2018 at 05:55:14PM +0000, Salz, Rich wrote:
>> > > Because
>> > > - It is not clear we need to do so
>> >
>> > > That we need to do what?
>> >
>> > Do FIPS compliant random numbers in this release.
>>
>> We will never have that in any release by default, like I already
>> stated a few times.
>>
>> > Everything is a trade-off. Please explain why you want AES256-CTR
>> > with a nonce, and why AES128-CTR with personalization (and/or a DF) is
>> > not sufficient.
>>
>> RAND_DRBG_set() takes 2 parameters: type and flags.
>>
>> Type can be:
>> - NID_aes_128_ctr
>> - NID_aes_192_ctr
>> - NID_aes_256_ctr
>>
>> The only flag is RAND_DRBG_FLAG_CTR_NO_DF. When using a DF a nonce
>> is required. When not using a DF the nonce is not used.
>>
>> We always use a personalization string.
>>
>> The requirements for not using a DF mean that you need to use
>> "full entropy", which is even more strict than when using a DF.
>> Since we don't have a "full entropy" source, we can generate it
>> ourselves, but it would require double the amount of entropy, so 512
>> bits. We have no code currently to do this, but there is an open
>> issue about it.
>
>This is actually wrong. When not using a DF, the seed length = 384
>for NID_aes_256_ctr. So we would need 768 bits of entropy if we
>don't have access to full entropy.
Wait what? This sounds nuts... Can you refer to something that backs your claim?
>
>
>Kurt
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
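As an added illustration of the seed-length point argued above (example code written for this page, not code from the thread or from OpenSSL), here is a minimal CTR_DRBG instantiation in the no-derivation-function mode the thread discusses. It uses only Go's standard-library AES; the type and function names are my own, and it shows why seedlen is keylen + 128 bits (384 bits for AES-256) and why the entropy input in that mode must be exactly seedlen bits, with no nonce.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// Minimal CTR_DRBG (SP 800-90A) instantiation without a derivation function, the
// mode OpenSSL selects with RAND_DRBG_FLAG_CTR_NO_DF. Illustrative, not OpenSSL code.
type ctrDRBG struct{ key, v []byte }
// seedLen is keylen + blocklen: 256, 320 or 384 bits for AES-128/192/256.
func seedLen(keyBytes int) int { return keyBytes + aes.BlockSize }
// update is CTR_DRBG_Update: seedlen bytes of counter-mode keystream XORed with
// providedData (exactly seedlen bytes) become the new Key||V. Each input byte
// enters the state unconditioned, which is why no-DF mode needs full entropy.
func (d *ctrDRBG) update(providedData []byte) {
	block, _ := aes.NewCipher(d.key) // key length was validated in instantiateNoDF
	n := seedLen(len(d.key))
	temp := make([]byte, 0, n+aes.BlockSize)
	for buf := make([]byte, aes.BlockSize); len(temp) < n; temp = append(temp, buf...) {
		for i := len(d.v) - 1; i >= 0; i-- { // V = (V + 1) mod 2^blocklen
			if d.v[i]++; d.v[i] != 0 {
				break
			}
		}
		block.Encrypt(buf, d.v)
	}
	for i := 0; i < n; i++ {
		temp[i] ^= providedData[i]
	}
	copy(d.key, temp[:len(d.key)])
	copy(d.v, temp[len(d.key):n])
}

// instantiateNoDF is CTR_DRBG_Instantiate without a DF: entropy_input must be
// exactly seedlen bits (no nonce), and the personalization string is XORed in
// rather than compressed by a derivation function.
func instantiateNoDF(keyBytes int, entropyInput, personalization []byte) (*ctrDRBG, error) {
	n := seedLen(keyBytes)
	if (keyBytes != 16 && keyBytes != 24 && keyBytes != 32) || len(entropyInput) != n || len(personalization) > n {
		return nil, fmt.Errorf("need AES-128/192/256 and exactly %d bits of full-entropy input", n*8)
	}
	seed := append([]byte(nil), entropyInput...)
	for i, b := range personalization {
		seed[i] ^= b
	}
	d := &ctrDRBG{key: make([]byte, keyBytes), v: make([]byte, aes.BlockSize)}
	d.update(seed)
	return d, nil
}
```

Generate and reseed are omitted for brevity; both go through the same update step, so the seedlen requirement applies to reseeding too.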