[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Sun Apr 8 19:52:53 UTC 2018
> > Wait what? This sounds nuts... Can you refer to something that backs your claim?
>
> The 384 comes straight out of SP800-90A, see the table 10.2.1.
> It's also in the code where we do:
>     drbg->seedlen = keylen + 16;
>     [...]
>     if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
>         [...]
>     } else {
>         drbg->min_entropylen = drbg->seedlen;
>
> (With keylen == 32)
>
> You'll also see that when not using a DF "full entropy" is needed,
> when using a DF it's not required.
>
> A DRBG can only generate "full entropy" for the first security
> strength / 2 bits it generates after a reseed. This is at least
> covered in SP800-90C 10.4, but there are other places that mention
> this too. So you need to pull the double amount of entropy from
> your entropy source if it doesn't provide full entropy. This also
> requires the use of prediction resistance.
>
>
> Kurt
Even if your claim about the 768 bits of entropy is correct, it only proves that it was a good idea to make the derivation function the default in commit 8164d91d1802e6173291dee50923cc60fcd3bf72.
Matthias
https://github.com/openssl/openssl/commit/8164d91d1802e6173291dee50923cc60fcd3bf72