I-D ACTION:draft-ietf-security-randomness-02.txt
Internet-Drafts@CNRI.Reston.VA.US Wed, 12 October 1994 16:20 UTC
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa05193; 12 Oct 94 12:20 EDT
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa10365; 12 Oct 94 12:20 EDT
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05182; 12 Oct 94 12:20 EDT
Received: from [127.0.0.1] by IETF.CNRI.Reston.VA.US id aa03781; 12 Oct 94 10:49 EDT
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce:;
Sender: ietf-announce-request@IETF.CNRI.Reston.VA.US
From: Internet-Drafts@CNRI.Reston.VA.US
Reply-to: Internet-Drafts@CNRI.Reston.VA.US
Subject: I-D ACTION:draft-ietf-security-randomness-02.txt
Date: Wed, 12 Oct 1994 10:49:12 -0400
X-Orig-Sender: cclark@CNRI.Reston.VA.US
Message-ID: <9410121049.aa03781@IETF.CNRI.Reston.VA.US>
A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : Randomness Requirements for Security
Author(s) : D. Eastlake, S. Crocker, J. Schiller
Filename : draft-ietf-security-randomness-02.txt
Pages : 36
Date : 10/11/1994
Security systems today are built on increasingly strong cryptographic
algorithms that foil pattern analysis attempts. However, the security of
these systems is dependent on generating secret quantities for passwords,
cryptographic keys, and similar quantities. The use of pseudo-random
processes to generate secret quantities can result in pseudo-security. The
sophisticated attacker of these security systems will often find it easier
to reproduce the environment that produced the secret quantities, searching
the resulting small set of possibilities, than to locate the quantities in
the whole of the number space.
Choosing random quantities to foil a resourceful and motivated attacker
is surprisingly difficult. This paper points out many pitfalls in using
traditional pseudo-random number generation techniques for choosing such
quantities, recommends the use of truly random hardware techniques, provides
suggestions to ameliorate the problem when a hardware solution is not
available, and gives examples of how large such quantities need to be for
some particular applications.
Internet-Drafts are available by anonymous FTP. Login with the
username "anonymous" and password "guest". After logging in,
Type "cd internet-drafts".
"get draft-ietf-security-randomness-02.txt".
Internet-Drafts directories are located at:
o US East Coast
Address: ds.internic.net (198.49.45.10)
o US West Coast
Address: ftp.isi.edu (128.9.0.32)
o Pacific Rim
Address: munnari.oz.au (128.250.1.21)
o Europe
Address: nic.nordu.net (192.36.148.17)
Internet-Drafts are also available by mail.
Send a message to: mailserv@ds.internic.net. In the body type:
"FILE /internet-drafts/draft-ietf-security-randomness-02.txt".
NOTE: The mail server at ds.internic.net can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e., documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
For questions, please mail to Internet-Drafts@cnri.reston.va.us.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version
of the Internet-Draft.
- I-D ACTION:draft-ietf-security-randomness-02.txt Internet-Drafts