Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Kurt Roeckx
On Mon, Apr 30, 2018 at 06:00:20PM +0200, Richard Levitte wrote: > > So I'd like to have it confirmed that I'm reading this right, that's > about 0.08 entropy bits per 8 data bits? Or is it per data bit? Per symbol, being 8 bits for what you provided. > Depending on the interpretation, we

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180430.164908.1424770216194967097.levi...@openssl.org> on Mon, 30 Apr 2018 16:49:08 +0200 (CEST), Richard Levitte said: levitte> In message <20180430.152609.587396153749337701.levi...@openssl.org> on Mon, 30 Apr 2018 15:26:09 +0200 (CEST), Richard Levitte

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180430.152609.587396153749337701.levi...@openssl.org> on Mon, 30 Apr 2018 15:26:09 +0200 (CEST), Richard Levitte said: levitte> In message <20180430131000.ga25...@roeckx.be> on Mon, 30 Apr 2018 15:10:01 +0200, Kurt Roeckx said: levitte>

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180430131000.ga25...@roeckx.be> on Mon, 30 Apr 2018 15:10:01 +0200, Kurt Roeckx said: kurt> The comment about not hashing it is if you want to use the tool to kurt> do entropy estimation. Hashing it will not increase the entropy, kurt> but the estimation will be

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180424172439.ga8...@roeckx.be> on Tue, 24 Apr 2018 19:24:40 +0200, Kurt Roeckx said: kurt> On Tue, Apr 24, 2018 at 07:20:42AM +0200, Richard Levitte wrote: kurt> > Like I think I mentioned a few days ago, I'm currently on a conference. I'll take this up in more

Re: [openssl-project] Entropy seeding the DRBG

2018-04-23 Thread Paul Dale
On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > In the mean time, I've spent a few days going through the docs on all > kinds of data that you can get out from the VMS kernel, most notably > through a system service call

Re: [openssl-project] Entropy seeding the DRBG

2018-04-23 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > In the mean time, I've spent a few days going through the docs on all > kinds of data that you can get out from the VMS kernel, most notably > through a system service called sys$getrmi()... there's a gazillion > data points, a

Re: [openssl-project] Entropy seeding the DRBG

2018-04-09 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: > kurt> I wonder if it's useful to have a thread of VMS that collects > kurt> such bits all the time, like the kernel is doing. > > I was pondering something like that, and it does make sense. That, or > creating a generic device

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407174527.gc20...@roeckx.be> on Sat, 7 Apr 2018 19:45:28 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: kurt> > In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 +0200, Kurt Roeckx

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: > In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 > +0200, Kurt Roeckx said: > > kurt> On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > kurt> > > Can I suggest you try

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: kurt> > > Can I suggest you try something like kurt> > >

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > > Can I suggest you try something like > > https://github.com/usnistgov/SP800-90B_EntropyAssessment to at least > > get an idea? You would need to sample 1 variable and feed that into > > it. > > And yeah, sure, especially if all

Re: [openssl-project] Entropy seeding the DRBG

2018-04-04 Thread Dr. Matthias St. Pierre
Sent: Wednesday, 4 April 2018 15:09 > To: openssl-project@openssl.org > Subject: Re: [openssl-project] Entropy seeding the DRBG > > In message <122b3c36-21ad-4904-a692-351ade567...@akamai.com> on Wed, 4 Apr > 2018 11:58:54 +, "Salz, Rich" > <rs...@aka

Re: [openssl-project] Entropy seeding the DRBG

2018-04-04 Thread Salz, Rich
>Note that with a nonce, that'll be 192 bits, unless I'm thinking wrong... But I agree with you, at least from a very practical point of view. I think using a nonce is needless. Use a personalization string (I used the address of the new DRBG).

Re: [openssl-project] Entropy seeding the DRBG

2018-04-04 Thread Richard Levitte
In message <122b3c36-21ad-4904-a692-351ade567...@akamai.com> on Wed, 4 Apr 2018 11:58:54 +, "Salz, Rich" said: rsalz> Is it expected that the number of bits of seed must equal the rsalz> number of bits in the key strength? It is expected that the number of bits of entropy

Re: [openssl-project] Entropy seeding the DRBG

2018-04-04 Thread Salz, Rich
Is it expected that the number of bits of seed must equal the number of bits in the key strength? But at any rate, raising the seed size to 256 seems mildly tolerable, although I would prefer to keep it at 128. Raising it to 384 is wrong.

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Salz, Rich
If you say that AES256 needs CSPRNG seeding with 256 bits, then why doesn't RSA 2048 keygen need seed to be seeded with 2048 bits? I am not a cryptographer, but I do not agree with this argument algorithms with a security level of 256 bit in TLS (like AES-256-CTR), so it is necessary

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Dr. Matthias St. Pierre
Since both pull requests mentioned by Richard were reviewed and approved by me, I would like to add a few remarks on those two pull requests: Ad #5401: Switch the DRBGs from AES-128-CTR to AES-256-CTR > The requirement change from 128 to 256 happened with this commit: > > commit

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Paul Dale
In message <da29a952-d1e7-44ed-8be9-115e073a5...@akamai.com> on Tue, 3 Apr 2018 12:52:50 +, "Salz, Rich" <rs...@akamai.com> said: rsalz> I had not realized that we just increased the "entropy" rsalz> requirements b

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Salz, Rich
>Please note that that 50% extra is only used for instantiating the DRBG. On reseed it only uses 256 bits. True. And now we're finding that VMS won't work. And I bet there are other systems that will also find this amount excessive. >There is an alternative to that 50%

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Kurt Roeckx
On Tue, Apr 03, 2018 at 12:52:50PM +, Salz, Rich wrote: > I had not realized that we just increased the “entropy” requirements by 50%, > from 256 to 384. The original DRBG submission that I did only required 128 > bits. I think that is wrong, and I think the PR that did it (#5503) should >

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Richard Levitte
In message on Tue, 3 Apr 2018 12:52:50 +, "Salz, Rich" said: rsalz> I had not realized that we just increased the “entropy” rsalz> requirements by 50%, from 256 to 384. The original DRBG rsalz> submission that I did only

[openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Salz, Rich
I had not realized that we just increased the “entropy” requirements by 50%, from 256 to 384. The original DRBG submission that I did only required 128 bits. I think that is wrong, and I think the PR that did it (#5503) should be reverted. I am concerned that we are trying to meet