[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Various RNG proposals
Documents reviewed:
  kmip-rng-base-wd01
  kmip-rng-query-wd01
  kmip-rng-attribute-wd01
  kmip-rng-specify-wd01

Comment on kmip-rng-base-wd01:

Draft NIST SP800-90C specifies two constructions for NRBGs: XOR and oversampling. Can we add an NRBG construction field enumeration to the RNG Parameters structure to identify these construction types?

General comments on RNG support and usage in KMIP:

Whilst I think that each of these proposals has merit, and is beginning to partially address some of the issues that I have raised before, I do not believe that they go far enough. They do not address the most serious issue: the proposed cryptographic services for the 1.2 standard support implementations that allow any client to seed an RNG used by the server, and all other clients. The standard does not encourage, recommend, or require secure random implementations.

At the very least, Usage Guide documentation should identify this issue, and discourage implementations that allow these RNG side channel attacks. As a next step, there should be a separate profile for each random reseed behaviour that a server can implement. Best of all, require independent random instances that do not leak information between clients, or clients and server.

John

----------------------------------------------------------------------
John Leiseboer
Chief Technology Officer
QuintessenceLabs Pty Ltd
Suite 23, Physics Building #38, Science Road
Australian National University
Acton ACT 0200
AUSTRALIA
Phone: +61 7 5494 9291 (Qld)
Phone: +61 2 6125 9498 (ACT)
Mobile: +61 409 487 510
Fax: +61 2 6125 7180
Email: JL@quintessencelabs.com
www.quintessencelabs.com
----------------------------------------------------------------------
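The concern in the message above (a server RNG that any client may reseed, shared with every other client) and the SP800-90C XOR construction it mentions can both be made concrete with a toy model. The code below is an added example, not KMIP code and not part of the message or the draft documents; the ToyDRBG is a simplified HMAC-chained generator, not an SP800-90A HMAC_DRBG, and the server classes, client names and the seed value "attacker-chosen" are constructed for illustration. It shows three cases: a single shared DRBG that a client may reseed (the client that supplied the seed can reproduce bytes later handed to another client), one DRBG per client seeded from the OS entropy source (the seed request affects only the requester's own instance), and the XOR construction, where even a fully attacker-controlled DRBG seed does not let the attacker predict the output because each NRBG output is XORed with fresh entropy-source output.

```python
"""Toy model of the RNG reseeding concern: constructed example, not KMIP code."""
import hashlib
import hmac
import os


class ToyDRBG:
    """Deterministic generator whose output is a function of its seed only.
    Simplified HMAC chain for reproducibility; NOT an SP800-90A HMAC_DRBG."""

    def __init__(self, seed: bytes):
        self.reseed(seed)

    def reseed(self, seed: bytes) -> None:
        # The whole state is derived from the seed, so whoever chose the seed
        # can recompute every subsequent output offline.
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            msg = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, msg, hashlib.sha256).digest()
        return out[:n]


class SharedRngServer:
    """One DRBG shared by all clients; any client may reseed it (the behaviour
    the message objects to). Client identity is irrelevant to the server."""

    def __init__(self):
        self.drbg = ToyDRBG(os.urandom(32))

    def rng_seed(self, client_seed: bytes) -> None:
        self.drbg.reseed(client_seed)

    def rng_retrieve(self, n: int) -> bytes:
        return self.drbg.generate(n)


class IsolatedRngServer:
    """One DRBG per client, each seeded from the OS entropy source; a seed
    request only touches the requesting client's own instance."""

    def __init__(self):
        self.instances = {}

    def _instance(self, client: str) -> ToyDRBG:
        if client not in self.instances:
            self.instances[client] = ToyDRBG(os.urandom(32))
        return self.instances[client]

    def rng_seed(self, client: str, client_seed: bytes) -> None:
        self._instance(client).reseed(client_seed)

    def rng_retrieve(self, client: str, n: int) -> bytes:
        return self._instance(client).generate(n)


def xor_nrbg_output(drbg: ToyDRBG, live_entropy, n: int) -> bytes:
    """SP800-90C XOR construction: NRBG output = DRBG output XOR fresh
    entropy-source output of the same length (live_entropy is the source)."""
    return bytes(a ^ b for a, b in zip(drbg.generate(n), live_entropy(n)))


ATTACKER_SEED = b"attacker-chosen"  # constructed value supplied by the attacker


def attacker_predicts_shared(n: int = 32) -> bool:
    """Shared DRBG: attacker reseeds, victim retrieves, attacker replays."""
    srv = SharedRngServer()
    srv.rng_seed(ATTACKER_SEED)
    victim_bytes = srv.rng_retrieve(n)  # e.g. key material for another client
    return ToyDRBG(ATTACKER_SEED).generate(n) == victim_bytes


def attacker_predicts_isolated(n: int = 32) -> bool:
    """Per-client DRBGs: attacker's seed never reaches the victim's instance."""
    srv = IsolatedRngServer()
    srv.rng_seed("attacker", ATTACKER_SEED)
    victim_bytes = srv.rng_retrieve("victim", n)
    return ToyDRBG(ATTACKER_SEED).generate(n) == victim_bytes


def attacker_predicts_xor_nrbg(n: int = 32) -> bool:
    """XOR construction, worst case: DRBG seed fully attacker-controlled, but
    the entropy source (os.urandom here) is independent of the attacker."""
    server_drbg = ToyDRBG(ATTACKER_SEED)
    victim_bytes = xor_nrbg_output(server_drbg, os.urandom, n)
    return ToyDRBG(ATTACKER_SEED).generate(n) == victim_bytes


if __name__ == "__main__":
    print("shared, client-reseedable DRBG predictable:", attacker_predicts_shared())
    print("per-client DRBG predictable:", attacker_predicts_isolated())
    print("XOR-construction NRBG predictable:", attacker_predicts_xor_nrbg())
```

The oversampling construction is not modelled here; the point of the XOR case is only that a reseed request cannot fix the NRBG output when fresh entropy-source output is XORed in, whereas with a single client-reseedable DRBG the output is fully determined by the last seed.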