SP 800-90C 10.1.2

Salz, Rich rsalz at akamai.com
Wed Apr 10 16:09:54 UTC 2019


No love from Akamai for this: it seems to be done for completionist reasons and it seems risky.

From: "paul.dale at oracle.com" <paul.dale at oracle.com>
Date: Tuesday, April 9, 2019 at 8:07 PM
To: "fips-sponsors at openssl.org" <fips-sponsors at openssl.org>
Cc: "openssl-project at openssl.org" <openssl-project at openssl.org>
Subject: SP 800-90C 10.1.2

Do any of the FIPS sponsors or OpenSSL project people think that SP 800-90C section 10.1.2 “Accessing a Source DRBG with Prediction Resistance to Obtain any Security Strength” is worthwhile including in the code base?

The main use is to allow a stronger DRBG to be seeded from a weaker one.  For example: seeding AES-CTR-256-DRBG from AES-CTR-128-DRBG.  The reasons in favour don’t seem very compelling:

  *   There are some obscure use cases for which there is a fairly easy work around (use stronger DRBGs everywhere).
  *   A low quality hardware source could be used for higher strength applications.
  *   It would also provide some benefit for poorly set up DRBG chains.
  *   It can be used to construct randomness of any strength but I’m not aware of a current method to compress this down to high quality entropy that is directly usable (i.e. preserves the strength).

The PR is done (#8660 https://github.com/openssl/openssl/pull/8660) but I’ve closed it since it seems unloved.  If anyone here does think that that would be beneficial, say something as justification or it is gone.


Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia


