Tuesday, September 24, 2013

Why is NIST SP 800-90A currently not recommended?

To insure that the points P and Q have been generated appropriately, additional self-test
procedures shall be performed whenever the instantiate function is invoked. Test section specifies that known-answer tests on the instantiate function be performed prior to creating
an operational instantiation. As part of these tests, an implementation of the generation
procedure in [X9.62] shall be called for each point (i.e., P and Q) with the appropriate
domain_parameter_seed value that was used to generate that point. The point returned
shall be compared with the corresponding stored value of the point. If the generated value
does not match the stored value, the implementation shall halt with an error condition.
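
The self-test described above, sketched as an added example (not code from NIST SP 800-90A or from this post): each stored point is re-derived from its domain_parameter_seed and compared, and any mismatch halts with an error. The toy curve, the SHA-256 derivation standing in for the [X9.62] procedure, and all names and seeds are assumptions made for illustration.

```python
import hashlib

# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD), constructed for this example
# (not a NIST curve). P_MOD % 4 == 3, so a square root is one exponentiation.
P_MOD, A, B = 2**127 - 1, -3, 7

class SelfTestError(Exception):
    """The 'halt with an error condition' case."""

def derive_point(seed: bytes):
    """Simplified stand-in for the [X9.62] procedure: hash seed||counter to x,
    keep the first x that has a y on the curve, and return the even y."""
    for counter in range(256):
        digest = hashlib.sha256(seed + bytes([counter])).digest()
        x = int.from_bytes(digest, "big") % P_MOD
        rhs = (x**3 + A * x + B) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
        if y * y % P_MOD == rhs:
            return (x, y if y % 2 == 0 else P_MOD - y)
    raise SelfTestError("no curve point found for seed")

def instantiate_self_test(stored):
    """stored maps 'P'/'Q' to (domain_parameter_seed, point). Regenerate each
    point from its seed and compare it with the stored value."""
    for name, (seed, point) in stored.items():
        if seed is None:
            raise SelfTestError(f"{name}: no seed, point cannot be re-derived")
        if derive_point(seed) != point:
            raise SelfTestError(f"{name}: stored point does not match its seed")
    return True

def passes(stored):
    try:
        return instantiate_self_test(stored)
    except SelfTestError:
        return False

# Constructed sample data: the seeds are arbitrary labels, not standard values.
SEED_P, SEED_Q = b"constructed-seed-for-P", b"constructed-seed-for-Q"
GOOD = {"P": (SEED_P, derive_point(SEED_P)), "Q": (SEED_Q, derive_point(SEED_Q))}
# Same seed, but the stored Q was replaced by a different curve point.
SWAPPED = dict(GOOD, Q=(SEED_Q, derive_point(b"some-other-seed")))
# A Q stored without the seed that produced it.
NO_SEED = dict(GOOD, Q=(None, GOOD["Q"][1]))

if __name__ == "__main__":
    for label, table in (("good", GOOD), ("swapped Q", SWAPPED), ("no seed", NO_SEED)):
        print(f"{label:10s} self-test passed: {passes(table)}")
```

The check only confirms that each stored point matches the seed stored next to it.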
99% BAD HARDWARE WEEK: Dual_EC_DRBG is only as valid as the randomness test of the initial P and Q against the given instances is correct. But are they correct? That is why NIST SP 800-90A is not recommended by NIST itself.
Microsoft added support for the standard, including the elliptic curve random-number generator, in a Vista update in February 2008, though it did not make the problematic generator the default algorithm.
Asked why Microsoft supported the algorithm when two of its own employees had shown it to be weakened, a second Microsoft senior manager who spoke with WIRED said that while the weakness in the algorithm and standard was “weird” it “wasn’t a smoking gun.” It was more of an “odd property.”


