Pseudorandom Number Generator in Ansi X9.17

Jack Lloyd lloyd at randombit.net
Thu Nov 10 11:13:00 EST 2005


On Thu, Nov 10, 2005 at 10:33:18AM +0000, Terence Joseph wrote:
> Hi,
> 
> The Pseudorandom Number Generator specified in Ansi X9.17 used to be one of 
> the best PRNGs available if I am correct.  I was just wondering if this is 
> still considered to be the case?  Is it widely used in practical situations 
> or is there some better implementation available?  What would be the 
> advantages/disadvantages of modifying the Ansi X9.17 PRNG to use AES 
> instead of 3DES? Is this feasible at all?

Aside from the relatively small internal state, and the state compromise
extension problems noted by Schneier, Wagner, et al., X9.17/X9.31 are AFAIK good
PRNGs. It is very trivial to use AES instead of 3DES (just swap out the
algorithms, and change the size of the various internal values to match the
128-bit block size), and you get a larger keyspace, larger internal state, and
faster operation, so I'd say doing so is a complete win.

Technically, X9.17 has been withdrawn by ANSI, but X9.31 contains the exact
same PRNG in Appendix A.2.4. ANSI still requires 2-key 3DES, but NIST allows
the use of 3-key 3DES or of AES with any keylength instead.

-Jack
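The swap Jack describes (keep the three-encryption structure of X9.17/X9.31 Appendix A.2.4, change the block cipher, and widen V, DT, I and R to one block of the new cipher) is easy to see in code. The generator below is an added illustration written for this page, not code from the original message or from any project; it is written over Go's cipher.Block interface so the same routine runs with 3DES (8-byte blocks) or AES (16-byte blocks). The key, seed and DT values are constructed for demonstration, and DT is advanced as a simple counter rather than a true date/time stamp, which is an assumption made here for reproducibility.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// X931 is an ANSI X9.17 / X9.31 (Appendix A.2.4) style generator over Go's
// cipher.Block interface, so it runs unchanged with 3DES or AES. Every
// internal value (V, DT, I, R) is exactly one cipher block wide.
type X931 struct {
	block cipher.Block
	v     []byte // secret seed value V, one block wide
	dt    []byte // date/time vector DT, one block wide
}

// NewX931 builds a generator from an already-keyed block cipher, a secret
// seed V and an initial DT; both must be exactly one block long.
func NewX931(block cipher.Block, seed, dt []byte) (*X931, error) {
	n := block.BlockSize()
	if len(seed) != n || len(dt) != n {
		return nil, fmt.Errorf("seed and dt must each be %d bytes", n)
	}
	g := &X931{block: block, v: make([]byte, n), dt: make([]byte, n)}
	copy(g.v, seed)
	copy(g.dt, dt)
	return g, nil
}

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// incrementDT treats DT as a big-endian counter (assumption: the standard
// feeds a date/time stamp here; a counter keeps this example reproducible).
func incrementDT(dt []byte) {
	for i := len(dt) - 1; i >= 0; i-- {
		dt[i]++
		if dt[i] != 0 {
			return
		}
	}
}

// NextBlock performs one X9.17 step:
//   I = E_K(DT)
//   R = E_K(I xor V)   <- the output block
//   V = E_K(R xor I)   <- the new seed
func (g *X931) NextBlock() []byte {
	n := g.block.BlockSize()
	i, r, tmp := make([]byte, n), make([]byte, n), make([]byte, n)
	g.block.Encrypt(i, g.dt)
	xorInto(tmp, i, g.v)
	g.block.Encrypt(r, tmp)
	xorInto(tmp, r, i)
	g.block.Encrypt(g.v, tmp)
	incrementDT(g.dt)
	return r
}

// Read fills out with generator output, one block at a time.
func (g *X931) Read(out []byte) {
	for off := 0; off < len(out); {
		off += copy(out[off:], g.NextBlock())
	}
}

// NewAESGenerator and NewTDESGenerator are the "swap the algorithm" step:
// only the keyed cipher changes, and the block size follows from it.
func NewAESGenerator(key, seed, dt []byte) (*X931, error) {
	b, err := aes.NewCipher(key) // 16/24/32-byte key -> AES-128/192/256
	if err != nil {
		return nil, err
	}
	return NewX931(b, seed, dt)
}

func NewTDESGenerator(key, seed, dt []byte) (*X931, error) {
	b, err := des.NewTripleDESCipher(key) // 24-byte key -> 3-key 3DES
	if err != nil {
		return nil, err
	}
	return NewX931(b, seed, dt)
}

func main() {
	// Constructed fixed values; a real deployment seeds K, V and DT from a
	// proper entropy source.
	g, _ := NewAESGenerator([]byte("0123456789abcdef"), []byte("fedcba9876543210"), make([]byte, 16))
	out := make([]byte, 32)
	g.Read(out)
	fmt.Println("AES-128 X9.31:", hex.EncodeToString(out))

	t, _ := NewTDESGenerator([]byte("0123456789abcdef01234567"), []byte("fedcba98"), make([]byte, 8))
	out = make([]byte, 16)
	t.Read(out)
	fmt.Println("3DES X9.31:   ", hex.EncodeToString(out))
}
```

Because V is overwritten by the third encryption on every step, an attacker who learns the current V and K can run the generator forward; this is the state-compromise extension property Jack mentions, and it is the reason to treat V and K as secrets and reseed periodically.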

---------------------------------------------------------------------
The Cryptography Mailing List