2014 FIPS disallows ANSI X9.31

Jakob Breier j.breier at gmx.de
Fri Jan 17 11:22:11 CET 2014

On 17.01.2014 08:30, Werner Koch wrote:
> On Thu, 16 Jan 2014 23:17, j.breier at gmx.de said:
>> You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
>> horribly broken and will crash or stall your program. See
> Which is good and probably done on purpose.
> SP800-90 has several options for a Deterministic RNG and no mentally
> sane developer would implement the EC based one.  Well, unless there is
> a strong monetary incentive.
> Salam-Shalom,
>    Werner
I know. I probably should have added a smiley somewhere in that mail in
addition to the link to clarify this was a joke. A sad joke at that
given how much trust in such standards has been undermined by the


More information about the Gcrypt-devel mailing list