No love from Akamai for this: it seems to be done for completionist reasons and it seems risky.
From: "paul.d...@oracle.com" <paul.d...@oracle.com> Date: Tuesday, April 9, 2019 at 8:07 PM To: "fips-spons...@openssl.org" <fips-spons...@openssl.org> Cc: "openssl-project@openssl.org" <openssl-project@openssl.org> Subject: SP 800-90C 10.1.2 Do any of the FIPS sponsors or OpenSSL project people think that SP 800-90C section 10.1.2 “Accessing a Source DRBG with Prediction Resistance to Obtain any Security Strength” is worthwhile including in the code base? The main use is to allow a stronger DRBG to be seeded from a weaker one. For example: seeding AES-CTR-256-DRBG from AES-CTR-128-DRBG. The reasons in favour don’t seem very compelling: * There are some obscure use cases for which there is a fairly easy work around (use stronger DRBGs everywhere). * A low quality hardware source could be used for higher strength applications. * It would also provide some benefit for poorly set up DRBG chains. * It can be used to construct randomness of any strength but I’m not aware of a current method to compress this down to high quality entropy that is directly usable (i.e. preserves the strength). The PR is done (#8660 https://github.com/openssl/openssl/pull/8660<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_8660&d=DwMFAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=7y8i8f_jFNGUJCaPCDSdkHqGsI_jO52jpnghkgmKyy0&s=56TxKBgAh-dg3Z-02GgoT6B1_ZYQ9dHMblLe-d8qS3I&e=>) but I’ve closed it since it seems unloved. If anyone here does think that that would beneficial, say something as justification or it is gone. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia
