If you say that AES256 needs CSPRNG seeding with 256 bits, then why doesn't RSA
2048 keygen need its seed to be 2048 bits? I am not a cryptographer,
but I do not agree with this argument.
algorithms with a security level of 256 bit in TLS (like AES-256-CTR),
so it is necessary that the random generator provides this level of
security.
But if it is true, an AES128-CTR DRBG is still sufficient for generating keys.
For the same reason that it is sufficient for generating Ed448 or RSA2048 keys.
> The use of the nonce is mandated by section 10.2.1.3.2 of NIST SP
> 800-90Ar1:
We are not going for FIPS validation here. This might be a nice to have, but
it is *NOT* a requirement for this release. Especially if it puts the seeding
requirement beyond the reach of some of our supported platforms.
_______________________________________________
openssl-project mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-project
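The seeding requirement being argued about above is concrete in the instantiate step of CTR_DRBG. What follows is an added example written for this page, not OpenSSL code and not from the thread's participants: a compact CTR_DRBG in Go using the standard library's AES, instantiated with the block-cipher derivation function as in SP 800-90Ar1 section 10.2.1.3.2, so that entropy_input must carry at least security_strength bits and the nonce at least security_strength/2 bits. With AES-128 that is 128 + 64 bits; with AES-256 it is 256 + 128 bits, and the same 128-bit seed that instantiates the AES-128 DRBG is rejected for AES-256. All entropy and nonce values below are constructed constants for illustration, not output of any real entropy source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const blockLen = 16 // AES blocklen = 128 bits

// CTRDRBG is the SP 800-90A CTR_DRBG working state: Key, V and reseed_counter.
type CTRDRBG struct {
	keyLen        int // 16 for AES-128, 32 for AES-256; seedlen = keyLen + blockLen
	key, v        []byte
	reseedCounter uint64
}

// incr adds 1 to V modulo 2^128 (ctr_len = blocklen).
func incr(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// update is CTR_DRBG_Update (10.2.1.2): provided must be exactly seedlen bytes.
func (d *CTRDRBG) update(provided []byte) {
	seedLen := d.keyLen + blockLen
	blk, _ := aes.NewCipher(d.key) // key length is always valid here
	temp, out := make([]byte, 0, seedLen+blockLen), make([]byte, blockLen)
	for len(temp) < seedLen {
		incr(d.v)
		blk.Encrypt(out, d.v)
		temp = append(temp, out...)
	}
	for i := 0; i < seedLen; i++ {
		temp[i] ^= provided[i]
	}
	d.key = append([]byte(nil), temp[:d.keyLen]...)
	d.v = append([]byte(nil), temp[d.keyLen:seedLen]...)
}

// bcc is the CBC-MAC style chaining function BCC (10.3.3).
func bcc(blk cipher.Block, data []byte) []byte {
	chain := make([]byte, blockLen)
	for i := 0; i < len(data); i += blockLen {
		for j := 0; j < blockLen; j++ {
			chain[j] ^= data[i+j]
		}
		blk.Encrypt(chain, chain)
	}
	return chain
}

// df is Block_Cipher_df (10.3.2), condensing arbitrary input to seedlen bytes.
func (d *CTRDRBG) df(input []byte) []byte {
	seedLen := d.keyLen + blockLen
	s := make([]byte, 8, 8+len(input)+1+blockLen) // S = L || N || input || 0x80 || zero pad
	binary.BigEndian.PutUint32(s[0:4], uint32(len(input)))
	binary.BigEndian.PutUint32(s[4:8], uint32(seedLen))
	s = append(append(s, input...), 0x80)
	for len(s)%blockLen != 0 {
		s = append(s, 0)
	}
	k := make([]byte, d.keyLen) // fixed df key 0x00, 0x01, ... per the standard
	for i := range k {
		k[i] = byte(i)
	}
	blk, _ := aes.NewCipher(k)
	temp := make([]byte, 0, seedLen+blockLen)
	for i := uint32(0); len(temp) < seedLen; i++ {
		iv := make([]byte, blockLen)
		binary.BigEndian.PutUint32(iv[0:4], i)
		temp = append(temp, bcc(blk, append(iv, s...))...)
	}
	blk2, _ := aes.NewCipher(temp[:d.keyLen])
	x := append([]byte(nil), temp[d.keyLen:seedLen]...)
	out := make([]byte, 0, seedLen+blockLen)
	for len(out) < seedLen {
		blk2.Encrypt(x, x)
		out = append(out, x...)
	}
	return out[:seedLen]
}

// NewCTRDRBG is CTR_DRBG_Instantiate with a derivation function (10.2.1.3.2).
// entropy_input needs >= security_strength bits, the nonce >= security_strength/2 bits.
func NewCTRDRBG(keyLen int, entropy, nonce, pers []byte) (*CTRDRBG, error) {
	if keyLen != 16 && keyLen != 32 {
		return nil, errors.New("keyLen must be 16 (AES-128) or 32 (AES-256)")
	}
	strength := keyLen * 8
	if len(entropy)*8 < strength {
		return nil, fmt.Errorf("entropy_input must carry at least %d bits, got %d", strength, len(entropy)*8)
	}
	if len(nonce)*8 < strength/2 {
		return nil, fmt.Errorf("nonce must carry at least %d bits, got %d", strength/2, len(nonce)*8)
	}
	d := &CTRDRBG{keyLen: keyLen, key: make([]byte, keyLen), v: make([]byte, blockLen)}
	seed := append(append(append([]byte{}, entropy...), nonce...), pers...)
	d.update(d.df(seed)) // seed_material = df(entropy_input || nonce || personalization_string)
	d.reseedCounter = 1
	return d, nil
}

// Generate is CTR_DRBG_Generate with a derivation function (10.2.1.5.2).
func (d *CTRDRBG) Generate(n int, additional []byte) ([]byte, error) {
	if d.reseedCounter > 1<<48 {
		return nil, errors.New("reseed_interval exceeded: reseed required")
	}
	if n > 1<<16 { // max_number_of_bits_per_request = 2^19 bits
		return nil, errors.New("request exceeds max_number_of_bits_per_request")
	}
	adata := make([]byte, d.keyLen+blockLen)
	if len(additional) > 0 {
		adata = d.df(additional)
		d.update(adata)
	}
	blk, _ := aes.NewCipher(d.key)
	out, tmp := make([]byte, 0, n+blockLen), make([]byte, blockLen)
	for len(out) < n {
		incr(d.v)
		blk.Encrypt(tmp, d.v)
		out = append(out, tmp...)
	}
	d.update(adata) // backtracking resistance: refresh Key and V after every request
	d.reseedCounter++
	return out[:n], nil
}

func main() {
	// Constructed inputs; a real instantiation takes these from the entropy source.
	entropy, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // 128 bits
	nonce, _ := hex.DecodeString("0011223344556677")                     // 64 bits
	drbg, err := NewCTRDRBG(16, entropy, nonce, []byte("openssl-example"))
	if err != nil {
		panic(err)
	}
	key, _ := drbg.Generate(32, nil)
	fmt.Printf("AES-128 CTR_DRBG, 256-bit output: %x\n", key)
	_, err = NewCTRDRBG(32, entropy, nonce, nil)
	fmt.Println("AES-256 CTR_DRBG with the same seed:", err)
}
```

The AES-256 instantiation fails because 128 bits of entropy input is below the 256-bit security strength, which is exactly the extra seeding burden the message above says some platforms cannot meet; the AES-128 instance instantiates and still produces 256-bit-long output, but its security strength stays 128 bits regardless of output length.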