
A new Dual EC DRBG flaw


Posted Jan 24, 2014 18:58 UTC (Fri) by DavidJohnston (guest, #85852)
Parent article: A new Dual EC DRBG flaw

The Dual EC DRBG is absolutely not mandated to get FIPS 140 certification.

It is mandated by FIPS 140-2 that a DRBG (PRNG) within the FIPS boundary be compliant to SP800-90 (SP800-90A more recently).

SP800-90A gives 4 options (hash, hmac, ctr and dual_ec) and any one will do.

No honest implementer uses the dual_ec DRBG, even before the recent flap, because it is obviously stupid (slow, complex to implement without exposing to side channel attacks) and had published attacks in 2006.


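The comment lists hash, hmac, ctr and dual_ec as the four SP 800-90A constructions, any one of which satisfies the FIPS 140-2 requirement. As an added illustration (not code from the comment above, and not any FIPS-validated module's code), here is HMAC_DRBG over SHA-256 written from SP 800-90A section 10.1.2 with only the Python standard library: Instantiate, Reseed and Generate, with the reseed-interval and minimum-entropy checks the standard requires. The fixed seed in `demo()` is constructed for reproducibility; the fallback to `os.urandom` when no entropy input is given is an assumption about the host, not something the standard prescribes, and no NIST known-answer vector is reproduced here.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG over SHA-256, following SP 800-90A section 10.1.2."""

    OUTLEN = 32                 # SHA-256 output length in bytes
    SECURITY_STRENGTH = 32      # 256-bit strength: minimum entropy_input length in bytes
    MAX_REQUEST = 1 << 16       # max_number_of_bits_per_request is 2^19 bits = 2^16 bytes
    RESEED_INTERVAL = 1 << 48   # SP 800-90A maximum reseed_interval for HMAC_DRBG

    def __init__(self, entropy_input=None, nonce=b"", personalization=b"",
                 reseed_interval=RESEED_INTERVAL):
        if entropy_input is None:
            # Assumption: os.urandom is an acceptable entropy source on this host.
            entropy_input = os.urandom(self.SECURITY_STRENGTH)
        if len(entropy_input) < self.SECURITY_STRENGTH:
            raise ValueError("entropy_input shorter than security strength")
        self.reseed_interval = reseed_interval
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, one Update with the seed material
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        # HMAC_DRBG_Update (10.1.2.2): second pass only when provided_data is non-empty
        self.K = self._hmac(self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.V)
        if provided_data:
            self.K = self._hmac(self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.V)

    def reseed(self, entropy_input, additional_input=b""):
        # Reseed (10.1.2.4): fresh entropy resets the reseed counter
        if len(entropy_input) < self.SECURITY_STRENGTH:
            raise ValueError("entropy_input shorter than security strength")
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, num_bytes, additional_input=b""):
        # Generate (10.1.2.5): refuse to run once the reseed interval is exhausted
        if num_bytes > self.MAX_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        temp = b""
        while len(temp) < num_bytes:
            self.V = self._hmac(self.V)
            temp += self.V
        # Update is applied even when additional_input is empty (backtracking resistance)
        self._update(additional_input)
        self.reseed_counter += 1
        return temp[:num_bytes]


def demo():
    # Constructed fixed seed so the demo is reproducible; a real module draws it
    # from its entropy source rather than from a constant.
    seed = bytes(range(32))
    drbg = HmacDrbg(seed, nonce=b"nonce", personalization=b"lwn-example")
    return drbg.generate(16).hex()


if __name__ == "__main__":
    print(demo())
```

The state is two 32-byte values (K and V) and a counter, and every step is an HMAC call, which is why this construction is cheap and straightforward to implement in constant time, in contrast to the point multiplications the elliptic-curve variant needs.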


Copyright © 2025, Eklektix, Inc.