[TLS] rfc8446-bis CSPRNG
Loganaden Velvindron <loganaden@gmail.com> Mon, 10 February 2025 06:48 UTC
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/exh69ej8ilzVFx25d7X7odeVzGM>
Hi All,

This caught my attention:

"TLS requires a cryptographically secure pseudorandom number generator (CSPRNG). In most cases, the operating system provides an appropriate facility such as /dev/urandom, which should be used absent other (e.g., performance) concerns. It is RECOMMENDED to use an existing CSPRNG implementation in preference to crafting a new one. Many adequate cryptographic libraries are already available under favorable license terms."

/dev/urandom is nice, but many OSes have adopted the getrandom() interface. The advantage is that you don't need an additional file description open and it can work in a chroot too ...

Also, could we mention something like arc4random() as a CSPRNG implementation? It has been widely adopted by several OSes. Can this be suggested as well?
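The difference between the two interfaces raised in the message above, as an added C example that is not part of the original post or of the rfc8446-bis draft. It assumes Linux with glibc 2.25 or later; the function names `secure_random_bytes` and `fill_from_urandom` are hypothetical, and arc4random() is not shown.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/random.h>   /* getrandom(): Linux, glibc >= 2.25 (assumption) */
#include <sys/types.h>
#include <unistd.h>

#ifndef O_CLOEXEC         /* only missing under strict pre-2008 feature macros */
#define O_CLOEXEC 0
#endif

/* Fallback path: needs a free file descriptor and a /dev/urandom node,
 * so it can fail under fd exhaustion or in a chroot without /dev. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n > 0) { off += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        close(fd);
        return -1;                               /* EOF or hard error */
    }
    close(fd);
    return 0;
}

/* Returns 0 when buf holds len random bytes, -1 otherwise. A caller must
 * treat -1 as fatal and never use a partly filled buffer as key material. */
int secure_random_bytes(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        /* flags = 0: block until the kernel pool has been initialised */
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n > 0) { off += (size_t)n; continue; } /* short return, go on */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == ENOSYS)              /* no getrandom syscall */
            return fill_from_urandom(buf + off, len - off);
        return -1;
    }
    return 0;
}
```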