On Tue, Sep 02, 2003 at 12:10:23PM -0400, Anton Stiglic wrote:
>
> Right. So I don't actually have the original ANSI X9.17 document (and it is
> no longer available in the ANSI X9 catalogue). My references are
> HAC section 5.3.1
> http://www.cacr.math.uwaterloo.ca/hac/about/chap5.pdf
> and Kelsey, Schneier, Wagner and Hall's paper
> http://www.counterpane.com/pseudorandom_number.pdf
>
> In both of the above references, the ANSI X9.17 PRNG is described as taking
> a 64-bit seed s along with a DES E-D-E encryption key k.
> The encrypted time is XORed with the seed and this result is encrypted to
> obtain the output; the seed is updated by encrypting the last output XORed
> with the encrypted time.
> So there is the possibility of re-keying (the key that is used for the
> encryption),
> and re-seeding (explicitly, not relying on the self-re-seeding...).
>
> It is important to choose both a random seed and a random key, and FIPS 140
> has no provision for this.
Well, it certainly doesn't forbid it; again, a simple approach is to treat the seed as part of the key material and replace it when sufficient entropy is available from hardware sources.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
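The generator described in the quoted text, written out as an added example (it is not code from this thread, from HAC, or from the Kelsey et al. paper). It follows the HAC 5.3.1 description exactly: I = E_k(D) for a timestamp D, output x = E_k(I XOR s), new seed s' = E_k(x XOR I), with E-D-E DES from Go's standard crypto/des. The type and method names (X917, Next, Reseed, Rekey, Refresh), the 16-byte two-key form expanded to K1,K2,K1, and the sample key and seed in main are this example's own assumptions. Refresh implements the reply's suggestion of treating key and seed as one unit of key material that is replaced together whenever fresh entropy is available.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// X917 is the ANSI X9.17 generator state as described in HAC 5.3.1:
// a 64-bit seed s and a DES E-D-E key k (held as a cipher.Block).
type X917 struct {
	block cipher.Block
	seed  [8]byte
}

// tripleDES builds an E-D-E block from a 16-byte key (K1,K2 -> K1,K2,K1,
// an assumption of this example) or a 24-byte key.
func tripleDES(key []byte) (cipher.Block, error) {
	switch len(key) {
	case 16:
		k := append([]byte{}, key...)
		key = append(k, key[:8]...)
	case 24:
	default:
		return nil, errors.New("x917: key must be 16 or 24 bytes")
	}
	return des.NewTripleDESCipher(key)
}

// NewX917 initialises the generator. Both key and seed must be secret and
// random; sourcing them from real entropy is the caller's job.
func NewX917(key, seed []byte) (*X917, error) {
	if len(seed) != 8 {
		return nil, errors.New("x917: seed must be 64 bits")
	}
	b, err := tripleDES(key)
	if err != nil {
		return nil, err
	}
	g := &X917{block: b}
	copy(g.seed[:], seed)
	return g, nil
}

func xor8(dst, a, b *[8]byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// Next runs one step with timestamp d and returns the 64-bit output:
//   I = E_k(D);  x = E_k(I XOR s);  s' = E_k(x XOR I)
func (g *X917) Next(d uint64) [8]byte {
	var dBlock, i, x, t [8]byte
	binary.BigEndian.PutUint64(dBlock[:], d)
	g.block.Encrypt(i[:], dBlock[:]) // I = E_k(D), the "encrypted time"
	xor8(&t, &i, &g.seed)
	g.block.Encrypt(x[:], t[:]) // output x = E_k(I XOR s)
	xor8(&t, &x, &i)
	g.block.Encrypt(g.seed[:], t[:]) // self-reseed: s = E_k(x XOR I)
	return x
}

// Reseed replaces the seed explicitly, independent of the self-reseeding in Next.
func (g *X917) Reseed(seed []byte) error {
	if len(seed) != 8 {
		return errors.New("x917: seed must be 64 bits")
	}
	copy(g.seed[:], seed)
	return nil
}

// Rekey replaces the E-D-E key and keeps the current seed.
func (g *X917) Rekey(key []byte) error {
	b, err := tripleDES(key)
	if err != nil {
		return err
	}
	g.block = b
	return nil
}

// Refresh treats key and seed as one unit of key material and replaces both
// from entropy bytes: 16 bytes of key followed by 8 bytes of seed.
func (g *X917) Refresh(entropy []byte) error {
	if len(entropy) < 24 {
		return errors.New("x917: need at least 24 bytes of entropy")
	}
	if err := g.Rekey(entropy[:16]); err != nil {
		return err
	}
	return g.Reseed(entropy[16:24])
}

func main() {
	// Constructed, fixed key and seed so the demo is reproducible; a real
	// deployment draws both from a hardware entropy source.
	g, err := NewX917([]byte("0123456789abcdef"), []byte("seedseed"))
	if err != nil {
		panic(err)
	}
	for d := uint64(1); d <= 3; d++ {
		fmt.Printf("step %d: %x\n", d, g.Next(d))
	}
	fresh := make([]byte, 24)
	if _, err := rand.Read(fresh); err == nil {
		_ = g.Refresh(fresh) // replace key and seed together once entropy is available
	}
}
```

The timestamp D is passed in by the caller rather than read from the clock so that the step function is deterministic and testable; in production it would be the current time at each call, as the references describe.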
