[TLS] RNG vs. PRNG
Michael D'Errico <mike-list@pobox.com> Tue, 27 April 2010 00:54 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 229DE3A686E for <tls@core3.amsl.com>; Mon, 26 Apr 2010 17:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cpvbf4N7ELfq for <tls@core3.amsl.com>; Mon, 26 Apr 2010 17:54:05 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id DCEEF3A69FD for <tls@ietf.org>; Mon, 26 Apr 2010 17:54:02 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 272BEAEAE1 for <tls@ietf.org>; Mon, 26 Apr 2010 20:53:50 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=0Tz2lCZu3Sat HWEIUgl12qAjyFQ=; b=sIBi+ziwGja+9xJt4PNLHushQJfE2qVqtzgjYTemgf+j lZxvlzEf0upm1nk9kwsgXi+BexogjQukkh6ODwPtGN2wv1xkYyH5MhJQuNOkUa0e DeZQxrU3iU+wwvmH/Zo34MlOFboGSG9muk5jTs0hD3JESoLxwfJYjLYLJbdSQ1E=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=O3m5nF SxOzKQAKX/Y0UBnx34C+tmEtng5g7HfQiqgWfPOEjFl0avAmoAhnyurta/GA0IfP T0dnOPW3nS20vY/e/29tDSIyn4LNAAK02iafZzhLAZBDmcDwUTcMYw5B/suwd2Sc tFRlbqE/9us7zPa1aCMwkw9qxHI0bkOa3wb+g=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 24863AEAE0 for <tls@ietf.org>; Mon, 26 Apr 2010 20:53:50 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id D1FD1AEADF for <tls@ietf.org>; Mon, 26 Apr 2010 20:53:49 -0400 (EDT)
Message-ID: <4BD6359C.7070008@pobox.com>
Date: Mon, 26 Apr 2010 17:53:48 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: tls@ietf.org
References: <Pine.LNX.4.44.1004261355330.14419-100000@citation2.av8.net> <4BD5E3BD.2030605@extendedsubset.com> <4BD5EDB5.50409@pobox.com> <4BD60329.3030403@extendedsubset.com>
In-Reply-To: <4BD60329.3030403@extendedsubset.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 57E85E2E-5197-11DF-8C11-D033EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Subject: [TLS] RNG vs. PRNG
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 00:54:06 -0000
Here are all the places within my code that generate random values and whether they are purely random or pseudo-random (via a CPRNG): RNG generate RSA premaster secrets RNG generate encryption key and HMAC secret used for session ticket protection CPRNG generate (part of) session IDs CPRNG generate initialization vectors CPRNG generate hello random values CPRNG generate random premaster secret in server (as part of defense against Bleichenbacher attack and version rollback detection) These last two are debatable. Marsh would have the hello randoms be purely random, not just unpredictable, and the OpenSSL implementation uses a CPRNG for the last one, but has a note that it /should/ use an RNG. IANAC, but wonder why the hello randoms would need to be purely random, versus just unpredictable, since they go over the wire in the clear? Also, does anyone know why the random premaster secret should be generated with a real RNG versus a CPRNG? Thanks, Mike
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Russ Housley
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Michael D'Errico
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Kemp, David P.
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- [TLS] RNG vs. PRNG Michael D'Errico
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Kemp, David P.
- Re: [TLS] RNG vs. PRNG Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] RNG vs. PRNG Martin Rex
- Re: [TLS] RNG vs. PRNG Martin Rex
- Re: [TLS] RNG vs. PRNG Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Sean Turner