Re: [dsfjdssdfsd] specifying an RNG

"Dan Harkins" <> Fri, 15 November 2013 23:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7725D11E811B for <>; Fri, 15 Nov 2013 15:14:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.789
X-Spam-Status: No, score=-4.789 tagged_above=-999 required=5 tests=[AWL=1.124, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4, SARE_SUB_11CONS_WORD=0.352]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id R1O3uIDm7l4R for <>; Fri, 15 Nov 2013 15:14:10 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E5C4211E80DC for <>; Fri, 15 Nov 2013 15:14:06 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id 7D69C10224008; Fri, 15 Nov 2013 15:14:06 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Fri, 15 Nov 2013 15:14:06 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <> <>
Date: Fri, 15 Nov 2013 15:14:06 -0800
From: Dan Harkins <>
To: "Joseph Salowey (jsalowey)" <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc:, Yaron Sheffer <>
Subject: Re: [dsfjdssdfsd] specifying an RNG
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 15 Nov 2013 23:14:16 -0000


On Fri, November 15, 2013 9:34 am, Joseph Salowey (jsalowey) wrote:
> On Nov 15, 2013, at 9:21 AM, Yaron Sheffer <>
>  wrote:
>> Hi Dan,
>> While I'm fully supportive of what you're out to achieve, I'm not clear
>> on what it is :-)
>> Option A: specify requirements for an RNG (must mix multiple sources of
>> randomness, must survive state disclosure, the output must not reveal
>> the internal state for a standard attacker model, etc.)
> [Joe] Yes

  Actually I think should this be draft-eastlake-randomness3.
RFC 4086 (which this will update) is a good but, as Donal noted,
dated set of requirements for a good random number generator.

>> Option B1: specify the deterministic part of an RNG, i.e. the crypto
>> algorithm.
> [Joe] Yes, except choose an exiting RNG and describe how to use it to meet
> requirements in A

  Yes, this is what I'm talking about. Something that someone can
implement straightforwardly. I think the potential for subtle mistakes
by someone who thinks he knows what he's doing after reading RFC
4086 (someone like me) is real and a specification that has been vetted
by some people who do know what they're doing would be valuable.

>> Option B2: specify the deterministic part, as well as the randomness
>> sources (I'm avoiding the E word...).
> [Joe] While this is somewhat out of scope we ought to provide whatever
> guidance we can so folks can avoid common implementation errors.  I think
> there are useful recommendations we can make based on the list of issues
> posted on a different thread.

  I agree with Joe on this.

>> Option A is important but most of us don't like requirements
>> documents...
>> Option B1 is certainly fun, but traditionally such work has not been
>> done in the IETF. In most cases we have recommended or adopted work done
>> by other standards bodies or even individual cryptographers.

  Which is fine! I'm not recommending we roll our own. We have RFCs
on secure hash algorithms, on key derivation functions, we even have
one on how to do the Diffie-Hellman key exchange. None of these are
original IETF work. What we don't have, though, is one on a good RNG
and that's something that should be rectified.



>> Option B2 is IMHO too OS-specific to be useful.
>> So which is it?
>> Thanks,
>>     Yaron
>> _______________________________________________
>> dsfjdssdfsd mailing list
> _______________________________________________
> dsfjdssdfsd mailing list