On Sat, Jul 28, 2012, Jeffrey Walton wrote:

> Hi All,
> 
> According to the FIPS 2.0 User Guide ("Default DRBG," page 64): "A
> special DRBG instance called the "default DRBG" is used to map the
> DRBG to the RAND interface." Unfortunately, the documentation (both
> the Security Policy and User Guide) does not appear to state the
> underlying generator.
> 
> Which of the four SP800-90 generators are used as the default, and
> what is the stated security level of the underlying algorithm?
> 

The default DRBG is decided by the application and not the module. In the case
of the "OpenSSL" application it is specified in rand_lib.c and via the
OPENSSL_DRBG_DEFAULT_TYPE and OPENSSL_DRBG_DEFAULT_FLAGS defines to allow them
to be overridden by local compilation options or at runtime.

The default in there is 256 bit CTR AES using a derivation function.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
