On 27/08/2010 19:38, Joshua Hill wrote:
> The fact is that all of the approved deterministic RNGs have places that
> you are expected to use to seed the generator. The text of the standard
> explicitly states that you can use non-approved non-deterministic RNGs
> to seed your approved deterministic RNG.

This is nice.

> It's an even better situation if you look at the modern deterministic RNGs
> described in NIST SP800-90. (You'll want to use these, anyway. They are
> better designs and last I heard, NIST was planning on retiring the other
> approved deterministic RNGs.) Every design in SP800-90 requires that your
> initial seed is appropriately large and unpredictable, and the designs all
> allow (indeed, require!) periodic reseeding in similarly reasonable ways.

Given that we seem to have agreed that "unpredictable" is kinda hard, I'm amused that SP800-90 requires it. If it is a requirement, then I wonder why NIST didn't specify how to generate and validate such a seed?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
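To make the seeding and reseeding requirements being discussed concrete, here is an added example (not part of the thread, and not code from either poster) of the HMAC_DRBG construction from NIST SP800-90 over SHA-256, written from the specification. It shows the three places the standard gives you to feed in entropy: the entropy input and nonce at instantiation, the reseed call, and optional additional input on each generate. It also shows the reseed counter that forces periodic reseeding. Note what the DRBG can and cannot check: it enforces the minimum *length* of the entropy input (security strength, 32 bytes here) and of the nonce (half that), but it has no way to verify that those bytes are actually unpredictable. That is exactly the gap the message above points at; the `os.urandom` call in `seeded_from_os` is an assumed stand-in for whatever non-deterministic source the caller trusts, and the fixed byte strings in `selfcheck` are constructed test inputs, not real seeds.

```python
import hashlib
import hmac
import os


class ReseedRequired(Exception):
    """The reseed counter has passed reseed_interval; the caller must reseed."""


class HmacDrbg:
    """HMAC_DRBG from NIST SP800-90 (section 10.1.2) instantiated with SHA-256.

    Security strength is 256 bits, so the standard requires at least 256 bits
    (32 bytes) of entropy input and a nonce of at least 128 bits (16 bytes).
    Only the lengths are checkable here; the entropy content is the caller's
    responsibility.
    """

    SECURITY_STRENGTH_BYTES = 32
    MIN_NONCE_BYTES = 16
    MAX_RESEED_INTERVAL = 2 ** 48   # upper bound permitted by the standard

    def __init__(self, entropy_input, nonce, personalization=b"",
                 reseed_interval=MAX_RESEED_INTERVAL):
        if len(entropy_input) < self.SECURITY_STRENGTH_BYTES:
            raise ValueError("entropy_input shorter than security strength")
        if len(nonce) < self.MIN_NONCE_BYTES:
            raise ValueError("nonce shorter than security_strength/2")
        if not 1 <= reseed_interval <= self.MAX_RESEED_INTERVAL:
            raise ValueError("reseed_interval out of range")
        self.reseed_interval = reseed_interval
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed material.
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        """HMAC_DRBG_Update: fold provided_data into the internal state (K, V)."""
        self._k = self._hmac(self._v + b"\x00" + provided_data)
        self._v = self._hmac(self._v)
        if provided_data:
            self._k = self._hmac(self._v + b"\x01" + provided_data)
            self._v = self._hmac(self._v)

    def reseed(self, entropy_input, additional_input=b""):
        """Reseed with fresh entropy; resets the reseed counter."""
        if len(entropy_input) < self.SECURITY_STRENGTH_BYTES:
            raise ValueError("entropy_input shorter than security strength")
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def needs_reseed(self):
        return self.reseed_counter > self.reseed_interval

    def generate(self, n_bytes, additional_input=b""):
        """Produce n_bytes of output, refusing once the reseed interval is hit."""
        if self.needs_reseed():
            raise ReseedRequired("reseed_counter exceeded reseed_interval")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n_bytes:
            self._v = self._hmac(self._v)
            out += self._v
        self._update(additional_input)   # back-track resistance for this output
        self.reseed_counter += 1
        return out[:n_bytes]


def seeded_from_os(personalization=b""):
    """Instantiate from the OS RNG as the (assumed) non-deterministic source."""
    return HmacDrbg(os.urandom(32), os.urandom(16), personalization)


def selfcheck():
    """Exercise the properties a deployment should verify; returns True on success."""
    seed, nonce = b"\x01" * 32, b"\x02" * 16          # constructed test inputs
    a, b = HmacDrbg(seed, nonce), HmacDrbg(seed, nonce)
    if a.generate(64) != b.generate(64):             # same seed, same stream
        return False
    c = HmacDrbg(seed, nonce, reseed_interval=2)
    c.generate(16)
    c.generate(16)
    if not c.needs_reseed():                          # third call must be refused
        return False
    c.reseed(b"\x03" * 32)
    if c.needs_reseed():
        return False
    return c.generate(16) != HmacDrbg(seed, nonce).generate(16)
```

The standard's answer to "where does the seed come from" is entirely in the caller's hands: `HmacDrbg` accepts any 32 bytes that happen to be long enough, so the same object built from `b"\x01" * 32` is exactly as "approved" as one built from a hardware source. Length checks and reseed counters keep a deployment honest about the shape of its seeding, not about its unpredictability.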