On Sat, Jul 28, 2012, Jeffrey Walton wrote:

> Hi All,
>
> According to the FIPS 2.0 User Guide ("Default DRBG," page 64): "A
> special DRBG instance called the "default DRBG" is used to map the
> DRBG to the RAND interface." Unfortunately, the documentation (both
> the Security Policy and User Guide) does not appear to state the
> underlying generator.
>
> Which of the four SP800-90 generators are used as the default, and
> what is the stated security level of the underlying algorithm?
>

The default DRBG is decided by the application and not the module. In the
case of the "OpenSSL" application it is specified in rand_lib.c and via the
OPENSSL_DRBG_DEFAULT_TYPE and OPENSSL_DRBG_DEFAULT_FLAGS defines to allow
them to be overridden by local compilation options or at runtime.

The default in there is 256 bit CTR AES using a derivation function.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org