VE 07KeyMgmt: Difference between revisions

Jump to navigation Jump to search

VE 07KeyMgmt (view source)

Revision as of 23:49, 10 August 2006

594 bytes removed ,  10 August 2006
→‎Random Number Generator
Line 101: Line 101:
=Random Number Generator=
=Random Number Generator=


There are three random number generators (RNGs) used in the NSS cryptographic module.
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
 
The first RNG is the Standard C Library function <code>rand()</code> (declared in the header file <code><stdlib.h></code>).  The <code>rand()</code> function is a non-Approved RNG and used within the NSS cryptographic module only for probabilistic algorithms such as the Miller-Rabin primality test.
 
The second RNG (on Unix and Unix-like platforms only) is the special device <code>/dev/urandom</code>. It is a non-Approved RNG and used only once during the library initialization of the NSS cryptographic module for generating (1024 bytes) seeds for the Approved RNG, described next.
 
The third RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.


If the seed and seed key input to the Approved RNG have the same value, the Approved RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#FIPS186Change_GenerateX FIPS186Change_GenerateX]</code>:
If the seed and seed key input to the Approved RNG have the same value, the Approved RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#FIPS186Change_GenerateX FIPS186Change_GenerateX]</code>:
Wtchang
canmove, Confirmed users
937

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/31324"

Navigation menu