SP 800-90C 10.1.2

Paul Dale paul.dale at oracle.com
Wed Apr 10 00:04:52 UTC 2019

Do any of the FIPS sponsors or OpenSSL project people think that SP 800-90C section 10.1.2 "Accessing a Source DRBG with Prediction Resistance to Obtain any Security Strength" is worthwhile including in the code base?


The main use is to allow a stronger DRBG to be seeded from a weaker one.  For example: seeding AES-CTR-256-DRBG from AES-CTR-128-DRBG.  The reasons in favour don't seem very compelling:

.         There are some obscure use cases for which there is a fairly easy work around (use stronger DRBGs everywhere). 

.         A low quality hardware source could be used for higher strength applications.

.         It would also provide some benefit for poorly set up DRBG chains.

.         It can be used to construct randomness of any strength but I'm not aware of a current method to compress this down to high quality entropy that is directly usable (i.e. preserves the strength). 


The PR is done (#8660 https://github.com/openssl/openssl/pull/8660) but I've closed it since it seems unloved.  If anyone here does think that that would beneficial, say something as justification or it is gone.






Dr Paul Dale | Cryptographer | Network Security & Encryption 

Phone +61 7 3031 7217

Oracle Australia

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20190409/fa664dd4/attachment.html>

More information about the openssl-project mailing list