[Cryptography] OpenSSL CSPRNG work

Ray Dillinger bear at sonic.net
Sun Jul 2 15:15:59 EDT 2017



On 07/02/2017 01:36 AM, Florian Weimer wrote:
>> "Salz, Rich" <rsalz at akamai.com> writes:

> This implementation is unlikely to pass certification.  Some auditors
> do not allow the use of /dev/urandom to seed another generator.  I
> don't know yet if we can just pretend that our arc4random
> implementation is not cryptographically secure, and thereby game the
> auditing process.  I expect that anyone who uses actual cryptography
> uses a cryptographic library which comes with its own CSPRNG, so this
> shouldn't be a problem in practice as long as our arc4random provides
> an unpredictable stream of bits, even if it is not certified to do so.


Arc4random should not be mistaken for a CSPRNG.  It's a good PRNG, but
at this point there are enough attacks on it that it's not really good
enough for cryptography anymore.  So it should not be certified as
cryptographically secure - there is no "pretending" about it, and it is
not "gaming" the auditing process.

On the other hand, given some particular permutation of 256 elements,
its stream of output is entirely repeatable.  So it's fine as a PRNG for
repeatable sequences.
				Bear
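The two points above (a fixed 256-element permutation gives a fully repeatable stream, and the generator is nonetheless not a CSPRNG) can be checked directly against the RC4 generator from which the arc4random name derives. The following is an added example, not code from the post or from any arc4random implementation; it assumes the textbook RC4 key schedule and output loop, and the key-sampling seed and key length are constructed for reproducibility.

```python
import random

def ksa(key: bytes) -> list[int]:
    """RC4 key schedule: derive the 256-element state permutation from a key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def prga(state: list[int], n: int) -> bytes:
    """RC4 output loop: given a permutation, emit n keystream bytes.
    Output depends only on the permutation, so the stream is repeatable."""
    s = list(state)  # work on a copy so the caller's permutation is untouched
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def keystream(key: bytes, n: int) -> bytes:
    """Keystream for a key: schedule the permutation, then run the output loop."""
    return prga(ksa(key), n)

def second_byte_zero_rate(n_keys: int, seed: int = 1) -> float:
    """Estimate P[second keystream byte == 0] over random 16-byte keys.
    A CSPRNG would give about 1/256; RC4 gives about 1/128 (the known
    second-byte bias), one of the reasons it is not cryptographically secure.
    The seed makes the constructed key sample reproducible."""
    rng = random.Random(seed)
    zeros = 0
    for _ in range(n_keys):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        if keystream(key, 2)[1] == 0:
            zeros += 1
    return zeros / n_keys

if __name__ == "__main__":
    perm = ksa(b"Key")
    assert prga(perm, 16) == prga(perm, 16)  # same permutation, same stream
    print(keystream(b"Key", 9).hex())  # eb9f7781b734ca72a7 (standard RC4 vector)
    print(f"P[Z2 == 0] ~ {second_byte_zero_rate(20000):.5f}, 1/256 = {1/256:.5f}")
```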


