2014 FIPS disallows ANSI X9.31

Werner Koch wk at gnupg.org
Fri Jan 17 08:30:23 CET 2014

On Thu, 16 Jan 2014 23:17, j.breier at gmx.de said:

> You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
> horribly broken and will crash or stall your program. See

Which is good and probably done on purpose.

SP800-90 has several options for a Deterministic RNG and no mentally
sane developer would implement the EC based one.  Well, unless there is
a strong monetary incentive.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list