A new Dual EC DRBG flaw

Posted Jan 1, 2014 17:44 UTC (Wed) by freemars (subscriber, #4235)
Parent article: A new Dual EC DRBG flaw

It seems like two words in the name of the algorithm -- deterministic random -- summarize the back door. Truth in packaging!

A new Dual EC DRBG flaw

Posted Jan 2, 2014 4:15 UTC (Thu) by eternaleye (subscriber, #67051)

Not at all. DRBG is the NIST terminology for a _pseudo_random number generator - which expands a small seed into a longer stream of unpredictable data.

DRBGs/PRNGs are used either when a) you don't have a hardware source of true randomness (generally either thermal, quantum, or radiological), b) that hardware source generates randomness slower than you need (and so you want to expand it using something relatively fast), or c) you want to pool randomness from multiple sources in a way that reduces the risks if one or more is compromised.

Linux's /dev/random and /dev/urandom are PRNGs that are seeded by hardware entropy sources; the BSDs generally use one based on the Yarrow construction from Schneier - both instances of c).

Stream ciphers are (essentially) PRNGs that you then XOR with your plaintext, a use case that _requires_ the same seed generate the same output (deterministic).
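To illustrate the three points in the reply above (pooling several sources into one seed, expanding a short seed into a long stream, and using that stream as a cipher by XOR), here is an added example that is not code from the comment or from LWN. It uses a simplified counter-mode HMAC-SHA256 generator and a hash-based pool; neither is NIST HMAC_DRBG, the Linux pool, or Yarrow, and the entropy inputs are constructed sample bytes.

```python
import hashlib
import hmac


def pool_seed(*sources: bytes) -> bytes:
    """Pool several entropy sources into one 32-byte seed (case c above).

    Hashing the length-prefixed concatenation keeps the seed unpredictable as
    long as at least one contributor is unknown to the attacker. This is a
    simplified mixer, not the Linux pool or Yarrow design.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big") + src)
    return h.digest()


def drbg_stream(seed: bytes, nbytes: int) -> bytes:
    """Expand a short seed into nbytes of pseudo-random output.

    Counter-mode HMAC-SHA256: block_i = HMAC(seed, i). Deterministic by design,
    so the same seed always yields the same stream. A teaching construction,
    not NIST SP 800-90A HMAC_DRBG.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def stream_xor(seed: bytes, data: bytes) -> bytes:
    """Stream-cipher use: XOR the keystream with the data.

    Applying it twice with the same seed returns the original bytes, which is
    why a stream cipher needs the generator to be deterministic.
    """
    keystream = drbg_stream(seed, len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


if __name__ == "__main__":
    # Constructed sample inputs, not real entropy.
    seed = pool_seed(b"hw-noise-sample", b"timing-jitter-sample")
    assert drbg_stream(seed, 64) == drbg_stream(seed, 64)  # deterministic
    ct = stream_xor(seed, b"the quick brown fox")
    assert stream_xor(seed, ct) == b"the quick brown fox"  # round trip
    print("ok")
```

The security of the output rests entirely on the seed staying secret and unpredictable; determinism itself is what makes the generator usable as a stream cipher.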

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds