questions about RNGs and FIPS 140

Thor Lancelot Simon tls at rek.tjls.com
Sat Aug 28 23:10:34 EDT 2010


On Sat, Aug 28, 2010 at 07:01:18PM +1200, Peter Gutmann wrote:
> 
> Yup, and if you look at some of the generators you'll see things like the use
> of a date-and-time vector DT in the X9.17/X9.30 generator, which was the
> specific example I gave earlier of sneaking in seeding via the date-and-time.
> Unfortunately one lab caught that and required that the DT vector really be a
> date and time, specifically the 64-bit big-endian output of time(), the
> Security 101 counterexample for how to seed an RNG.

That doesn't make any sense.  DT in that generator is really meant to
serve the role of a counter, and, in fact, the test harness for that
generator *requires* it to be a counter.

The seed for that generator is K.

Thor
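The construction the two posts are arguing about, as an added illustration (example code written for this page, not anything from the thread's authors or from any validated module): the X9.17 / X9.31 generator with DT in its counter role and K as the seed. The 3DES block encryption E_K is replaced here by an HMAC-SHA256 stand-in truncated to the 64-bit block so the code runs on the standard library alone; the class, helper and key names are this example's own assumptions.

```python
import hashlib
import hmac

BLOCK = 8  # ANSI X9.17 is defined over a 64-bit block cipher (3DES); block size in bytes


def _enc(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K, encryption of one block under key K.

    Assumption for this example: a keyed PRF (HMAC-SHA256 truncated to the
    block size) replaces 3DES so the code runs offline with the standard
    library. The generator's structure is the point here, not the cipher.
    """
    if len(block) != BLOCK:
        raise ValueError("E_K takes exactly one block")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X917Generator:
    """The X9.17 / X9.31 construction:

        I  = E_K(DT)         DT: the 64-bit counter value for this block
        R  = E_K(I xor V)    R:  the output block
        V' = E_K(R xor I)    V:  chaining value carried into the next block

    K (with the initial V) is the secret seed material. DT only has to be a
    value that never repeats, i.e. a counter, which is what the post above
    says the test harness requires.
    """

    def __init__(self, key: bytes, seed_v: bytes, dt_start: int = 0):
        if len(seed_v) != BLOCK:
            raise ValueError("V must be one block")
        self.key = key
        self.v = seed_v
        self.dt = dt_start
        self.last_dt = None

    def next_block(self) -> bytes:
        # Counter discipline: DT must strictly increase from block to block.
        if self.last_dt is not None and self.dt <= self.last_dt:
            raise RuntimeError("DT must be a strictly increasing counter")
        self.last_dt = self.dt
        dt_bytes = self.dt.to_bytes(BLOCK, "big")
        self.dt += 1
        i = _enc(self.key, dt_bytes)
        r = _enc(self.key, _xor(i, self.v))
        self.v = _enc(self.key, _xor(r, i))
        return r

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self.next_block()
        return bytes(out[:n])


# Constructed, fixed example values (not real keys): two generators seeded
# with the same K and V, and a third with a different K.
K1 = bytes(range(24))                  # 24 bytes, the size of a 3DES key
K2 = bytes(23 - b for b in range(24))
V0 = bytes(8)


def same_seed_same_stream(n: int = 64) -> bool:
    """Same K, same V, same counter sequence: identical output.
    DT being predictable contributes nothing to secrecy; K and V do."""
    a = X917Generator(K1, V0).random_bytes(n)
    b = X917Generator(K1, V0).random_bytes(n)
    return a == b


def different_key_different_stream(n: int = 64) -> bool:
    """Changing K, the actual seed, with everything else fixed changes the stream."""
    a = X917Generator(K1, V0).random_bytes(n)
    b = X917Generator(K2, V0).random_bytes(n)
    return a != b


def counter_rollback_is_rejected() -> bool:
    """Re-presenting an old DT value breaks the counter requirement and is refused,
    which is the failure a clock-derived DT could produce after a clock step backwards."""
    g = X917Generator(K1, V0)
    g.next_block()
    g.dt = 0
    try:
        g.next_block()
    except RuntimeError:
        return True
    return False
```

The three check functions make the post's point concrete: the output depends on K and V, not on whether DT is a time or a plain counter, and the only property the generator needs from DT is that it never repeats.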

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


