[Cfrg] Fwd: [Technical Errata Reported] RFC4086 (3105)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 05 February 2012 13:59 UTC


Opinions welcome,

-------- Original Message --------
Subject: [Technical Errata Reported] RFC4086 (3105)
Date: Sun,  5 Feb 2012 03:43:44 -0800 (PST)
From: RFC Errata System <rfc-editor@rfc-editor.org>
To: Donald.Eastlake@motorola.com, jis@mit.edu, steve@stevecrocker.com, 
CC: fw@deneb.enyo.de, rfc-editor@rfc-editor.org

The following errata report has been submitted for RFC4086,
"Randomness Requirements for Security".

You may review the report below and at:

Type: Technical
Reported by: Florian Weimer <fw@deneb.enyo.de>

Section: 6.2.2

Original Text
    If one uses no more than the log_2(log_2(s_i)) low-order bits, then
    predicting any additional bits from a sequence generated in this
    manner is provably as hard as factoring n.

Corrected Text
(see below)

As noted by Koblitz and Menezes in "Another look at provable security 
II", <http://eprint.iacr.org/2006/229.pdf>, this recommendation is based 
on a misinterpretation of the big-O notation. The claim about provable 
security is therefore misleading.

This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

RFC4086 (draft-eastlake-randomness2-10)
Title               : Randomness Requirements for Security
Publication Date    : June 2005
Author(s)           : D. Eastlake 3rd, J. Schiller, S. Crocker
Category            : BEST CURRENT PRACTICE
Source              : IETF - NON WORKING GROUP
Area                : N/A
Stream              : IETF
Verifying Party     : IESG
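To make the quoted rule concrete, here is an added example (not from the original post, from RFC 4086 itself, or from Florian Weimer's report) of the Blum Blum Shub generator that Section 6.2.2 of RFC 4086 describes, with the log_2(log_2(s_i)) extraction budget from the quoted text applied literally; the modulus, seed and function names are constructed for illustration, and the code takes no position on whether the bound is justified.

```python
# Added example, not part of the original post or of RFC 4086.
# Blum Blum Shub: s_{i+1} = s_i^2 mod n, n = p*q with p, q = 3 (mod 4).
# The quoted RFC text allows at most floor(log2(log2(s_i))) low-order
# bits of each state value; the erratum above disputes the reasoning
# behind that figure, and this code only shows how small the budget is.

# Constructed toy modulus (both primes are 3 mod 4). It is far too small
# for any real use; it exists only to make the arithmetic visible.
TOY_P = 100003
TOY_Q = 100019
TOY_N = TOY_P * TOY_Q


def bits_allowed(s: int) -> int:
    """floor(log2(log2(s))) computed exactly with integer arithmetic.

    floor(log2(x)) is constant on [L, L+1) for integer L, so it equals
    floor(log2(L)) with L = floor(log2(s)). For s < 2 the value is
    undefined; 0 bits are returned in that case.
    """
    if s < 2:
        return 0
    log2_s = s.bit_length() - 1          # floor(log2(s))
    return log2_s.bit_length() - 1       # floor(log2(floor(log2(s))))


def bbs_bits(n: int, seed: int, count: int) -> list[int]:
    """Return `count` output bits, taking at most bits_allowed(s_i)
    low-order bits (least significant first) from each squaring step.

    The seed must be coprime to n and not congruent to +/-1 modulo
    either prime factor, otherwise the state collapses to a fixed point.
    """
    out: list[int] = []
    s = seed % n
    while len(out) < count:
        s = (s * s) % n                  # one modular squaring
        for j in range(bits_allowed(s)): # budget for this state value
            if len(out) == count:
                break
            out.append((s >> j) & 1)
    return out


if __name__ == "__main__":
    # With a 1024-bit modulus the rule yields at most 10 bits per squaring,
    # with a 2048-bit modulus at most 11; the toy modulus yields at most 5.
    for size in (32, 1024, 2048):
        print(f"{size}-bit modulus: <= {bits_allowed(1 << size)} bits/step")
    print(bbs_bits(TOY_N, 12345, 64))
```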