2014 FIPS disallows ANSI X9.31
Jakob Breier
j.breier at gmx.de
Fri Jan 17 11:22:11 CET 2014
On 17.01.2014 08:30, Werner Koch wrote:
> On Thu, 16 Jan 2014 23:17, j.breier at gmx.de said:
>
>> You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
>> horribly broken and will crash or stall your program. See
> Which is good and probably done on purpose.
>
> SP800-90 has several options for a Deterministic RNG and no mentally
> sane developer would implement the EC based one. Well, unless there is
> a strong monetary incentive.
>
>
> Salam-Shalom,
>
> Werner
>
I know. I probably should have added a smiley somewhere in that mail in
addition to the link to clarify this was a joke. A sad joke at that
given how much trust in such standards has been undermined by the
Dual_EC_DRBG.
Regards,
Jakob