VE 07KeyMgmt: Difference between revisions



'''Security of key generation method:''' The seed key of the Approved RNG is 256 bits. The keys generated by the NSS cryptographic module have at most 256 bits of security. (See NIST [http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf Special Publication (SP) 800-57 Part 1], Table 2 in Section 5.6.1 on page 63.) Therefore, compromising the security of the key generation method (e.g., guessing the seed value to initialize the Approved RNG) requires at least as many operations as determining the value of the generated key.
The seed key is derived from entropy input obtained from the operating system. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom.

On HP-UX B.11.11, one must install the HP-UX Strong Random Number Generator (KRNG11i) bundle to get /dev/random and /dev/urandom. The KRNG11i bundle can be downloaded for free from the HP software depot, and installation is straightforward.

Solaris 9 and later, as well as Trusted Solaris 8, have /dev/random and /dev/urandom. Regular Solaris 8 doesn't have /dev/random and /dev/urandom by default, but one can install patch ID 112438 for the SPARC Edition or patch ID 112439 for the Intel Edition.


=Key Establishment Techniques=