SP 800-90C 10.1.2
Paul Dale
paul.dale at oracle.com
Wed Apr 10 00:04:52 UTC 2019
Do any of the FIPS sponsors or OpenSSL project people think that SP 800-90C section 10.1.2 "Accessing a Source DRBG with Prediction Resistance to Obtain any Security Strength" is worthwhile including in the code base?
The main use is to allow a stronger DRBG to be seeded from a weaker one. For example: seeding AES-CTR-256-DRBG from AES-CTR-128-DRBG. The reasons in favour don't seem very compelling:
. There are some obscure use cases for which there is a fairly easy work around (use stronger DRBGs everywhere).
. A low quality hardware source could be used for higher strength applications.
. It would also provide some benefit for poorly set up DRBG chains.
. It can be used to construct randomness of any strength but I'm not aware of a current method to compress this down to high quality entropy that is directly usable (i.e. preserves the strength).
The PR is done (#8660 https://github.com/openssl/openssl/pull/8660) but I've closed it since it seems unloved. If anyone here does think that that would be beneficial, say something as justification or it is gone.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
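For readers unfamiliar with the 10.1.2 mechanism being discussed, here is an added illustration (not code from the PR, from OpenSSL, or from the post's author). It models the draft's idea in Python: a Generate request made with prediction resistance forces a reseed first, so each such request can carry at most the source DRBG's security strength of fresh entropy, and a target of strength s is seeded by concatenating ceil(s / source_strength) of them. The HMAC_DRBG is a compact SP 800-90A-style construction standing in for the AES-CTR DRBGs named in the post, the entropy source is a constructed deterministic stand-in, and the helper names (`seed_from_weaker_drbg`, `build_chain`, `naive_chain_reseeds`) are this example's own.

```python
import hashlib
import hmac
import math

OUTLEN = 32  # SHA-256 output size in bytes


class ToyEntropySource:
    """Constructed stand-in for an entropy source: SHA-256 over a counter so
    that runs are repeatable. A real source would be the OS or hardware RNG."""

    def __init__(self, label: bytes):
        self.label = label
        self.calls = 0

    def get_entropy(self, nbytes: int) -> bytes:
        self.calls += 1
        out = b""
        block = 0
        while len(out) < nbytes:
            out += hashlib.sha256(self.label + self.calls.to_bytes(4, "big")
                                  + block.to_bytes(4, "big")).digest()
            block += 1
        return out[:nbytes]


class HmacDrbg:
    """Compact HMAC_DRBG (SHA-256) in the style of SP 800-90A. `strength` is
    the security strength in bits the instance is seeded for; a reseed pulls
    strength/8 bytes of fresh entropy from `entropy_source`."""

    def __init__(self, strength: int, entropy_input: bytes,
                 personalization: bytes = b"", entropy_source=None):
        self.strength = strength
        self.src = entropy_source
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self.reseeds = 0
        self._update(entropy_input + personalization)  # nonce omitted in the toy

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data: bytes) -> None:
        self.K = self._hmac(self.K, self.V + b"\x00" + data)
        self.V = self._hmac(self.K, self.V)
        if data:
            self.K = self._hmac(self.K, self.V + b"\x01" + data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self) -> None:
        self.reseeds += 1
        self._update(self.src.get_entropy(self.strength // 8))

    def generate(self, nbytes: int, prediction_resistance: bool = False) -> bytes:
        if prediction_resistance:
            self.reseed()  # fresh entropy immediately before this request
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(b"")
        return out[:nbytes]


def seed_from_weaker_drbg(source: HmacDrbg, target_strength: int) -> bytes:
    """10.1.2-style derivation: one Generate request with prediction
    resistance carries at most source.strength bits of fresh security, so
    concatenate ceil(target/source) such requests."""
    per_request = source.strength // 8
    n_requests = math.ceil(target_strength / source.strength)
    return b"".join(source.generate(per_request, prediction_resistance=True)
                    for _ in range(n_requests))


def build_chain(target_strength: int = 256, source_strength: int = 128) -> dict:
    """Seed a target DRBG of target_strength from a source DRBG of source_strength."""
    ent = ToyEntropySource(b"constructed-entropy")
    source = HmacDrbg(source_strength, ent.get_entropy(source_strength // 8),
                      b"source", entropy_source=ent)
    seed = seed_from_weaker_drbg(source, target_strength)
    target = HmacDrbg(target_strength, seed, b"target", entropy_source=ent)
    return {"seed_len": len(seed), "pr_reseeds": source.reseeds,
            "requests": math.ceil(target_strength / source_strength),
            "target_output": target.generate(16).hex()}


def naive_chain_reseeds(target_strength: int = 256, source_strength: int = 128) -> int:
    """The mistake 10.1.2 guards against: pulling target_strength/8 bytes from
    the weaker DRBG in one request without prediction resistance. The output
    is long enough, but it is never backed by more than source_strength bits."""
    ent = ToyEntropySource(b"constructed-entropy")
    source = HmacDrbg(source_strength, ent.get_entropy(source_strength // 8),
                      b"source", entropy_source=ent)
    source.generate(target_strength // 8)
    return source.reseeds


if __name__ == "__main__":
    print(build_chain())            # 256-bit target from a 128-bit source: 2 PR requests
    print(naive_chain_reseeds())    # 0: same seed length, no fresh entropy behind it
```

The check worth keeping from this is the reseed count: seeding a 256-bit DRBG from a 128-bit one is only sound when the source was reseeded at least twice along the way, which is exactly why the post observes that the simpler deployment is to run the stronger DRBG everywhere and skip the chain.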