As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:
- Performed the 1.1.1 beta 1 (pre-3) release
- Performed a security release for 1.1.0 and 1.0.2
- Carried out a number of different tasks around the
The internal state of the CTR-DRBG consists of a key K and a counter V (see
figure 11 on page 48, which is the page before table 3). This is the reason why
it requires bits_of(K) + bits_of(V) = keysize + blocksize = 256 + 128 = 384
bits to initialize the internal state of the DRBG.
But the
> Note that with a nonce, that'll be 192 bits, unless I'm thinking
> wrong... But I agree with you, at least from a very practical point
> of view.
I think using a nonce is needless. Use a personalization string (I used the
address of the new DRBG).
In message <122b3c36-21ad-4904-a692-351ade567...@akamai.com> on Wed, 4 Apr 2018
11:58:54 +, "Salz, Rich" said:
rsalz> Is it expected that the number of bits of seed must equal the
rsalz> number of bits in the key strength?
It is expected that the number of bits of entropy
Is it expected that the number of bits of seed must equal the number of bits in
the key strength?
But at any rate, raising the seed size to 256 seems mildly tolerable, although
I would prefer to keep it at 128. Raising it to 384 is wrong.