[Cfrg] Fwd: [Technical Errata Reported] RFC4086 (3105)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 05 February 2012 13:59 UTC

Message-ID: <4F2E8B21.4050509@cs.tcd.ie>
Date: Sun, 05 Feb 2012 13:58:57 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "cfrg@irtf.org" <cfrg@irtf.org>
References: <20120205114344.BF4A262176@rfc-editor.org>
In-Reply-To: <20120205114344.BF4A262176@rfc-editor.org>
Cc: "Turner, Sean P." <turners@ieca.com>
Subject: [Cfrg] Fwd: [Technical Errata Reported] RFC4086 (3105)

Opinions welcome,
Thanks,
Stephen.

-------- Original Message --------
Subject: [Technical Errata Reported] RFC4086 (3105)
Date: Sun,  5 Feb 2012 03:43:44 -0800 (PST)
From: RFC Errata System <rfc-editor@rfc-editor.org>
To: Donald.Eastlake@motorola.com, jis@mit.edu, steve@stevecrocker.com, 
iesg@ietf.org
CC: fw@deneb.enyo.de, rfc-editor@rfc-editor.org


The following errata report has been submitted for RFC4086,
"Randomness Requirements for Security".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=4086&eid=3105

--------------------------------------
Type: Technical
Reported by: Florian Weimer <fw@deneb.enyo.de>

Section: 6.2.2

Original Text
-------------
    If one uses no more than the:

          log_2(log_2(s_i))

    low-order bits, then predicting any additional bits from a sequence
    generated in this manner is provably as hard as factoring n.

Corrected Text
--------------
(see below)

Notes
-----
As noted by Koblitz and Menezes in "Another look at provable security 
II", <http://eprint.iacr.org/2006/229.pdf>, this recommendation is based 
on a misinterpretation of the big-O notation. The claim about provable 
security is therefore misleading.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC4086 (draft-eastlake-randomness2-10)
--------------------------------------
Title               : Randomness Requirements for Security
Publication Date    : June 2005
Author(s)           : D. Eastlake 3rd, J. Schiller, S. Crocker
Category            : BEST CURRENT PRACTICE
Source              : IETF - NON WORKING GROUP
Area                : N/A
Stream              : IETF
Verifying Party     : IESG