I-D Action: draft-eastlake-randomness3-00.txt
internet-drafts@ietf.org Tue, 05 November 2013 19:23 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietfa.amsl.com
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68B4721E8096 for <i-d-announce@ietfa.amsl.com>; Tue, 5 Nov 2013 11:23:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.57
X-Spam-Level:
X-Spam-Status: No, score=-102.57 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Vskx1QhhBiH for <i-d-announce@ietfa.amsl.com>; Tue, 5 Nov 2013 11:23:04 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D6B11E80E2 for <i-d-announce@ietf.org>; Tue, 5 Nov 2013 11:22:52 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-eastlake-randomness3-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 4.82
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20131105192221.29536.77598.idtracker@ietfa.amsl.com>
Date: Tue, 05 Nov 2013 11:22:21 -0800
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.12
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 19:23:06 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Randomness Requirements for Security Author(s) : Donald E. Eastlake Steve Crocker Charlie Kaufman Jeffrey I. Schiller Filename : draft-eastlake-randomness3-00.txt Pages : 53 Date : 2013-11-05 Abstract: Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar values. The use of pseudo-random processes to generate secret quantities can result in pseudo- security. For example, the sophisticated attacker of these security systems may find it easier to reproduce the environment that produced the secret quantities, searching a resulting small set of possibilities, than to locate the quantities in the whole of the potential number space. Choosing random quantities to foil a resourceful and motivated adversary can be surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo- random number generation techniques for generating such quantities. It recommends the use of multiple sources with a strong mixing function, so that no single source need be fully trusted, and provides techniques for extending a random seed to a larger quantity of pseudo-random material in a cryptographically secure way. And it gives examples of how large such quantities need to be for some applications. This document obsoletes RFC 4086. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-eastlake-randomness3 There's also a htmlized version available at: http://tools.ietf.org/html/draft-eastlake-randomness3-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-eastlake-randomness3-00.txt internet-drafts