IETF-SSH archive


2nd version - Proposal for New Section 11.1 PRNG



Hi,

Integrating Russ' suggestion.

Thanks,
Chris

============================================================

11.1 PRNG

   This protocol binds each session key to the session by including
   random data that is specific to the session in the hash used to
   produce session keys.  If the random data here (e.g., DH parameters)
   are pseudo-random, then the PRNG should be cryptographically secure
   (i.e., its next output not easily guessed even when knowing all
   previous outputs) and, furthermore, entropy needs to be added to the
   PRNG.  RFC 1750 [1750] offers suggestions for sources of entropy.
   Implementors should note the importance of entropy and the well-meant,
   anecdotal warning about the difficulty in properly implementing PRNG
   functions.

   The amount of entropy available to a given client or server sometimes
   may be less than what is needed to run the protocol.  In this case
   one must either resort to PRNGs anyway or refuse to run the protocol.
   In practice implementors will generally rely on some PRNG.



[1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
       Recommendations for Security", RFC 1750, December 1994.
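The following is an added example, written for this archive page and not part of Chris's proposal, the draft, or RFC 1750. It makes the two points of the proposed section concrete: first, a non-cryptographic PRNG (a textbook 32-bit linear congruential generator; the constants are illustrative and not taken from any SSH implementation) fails the "next output not easily guessed from previous outputs" test, since three observed outputs suffice to recover its parameters and predict the rest; second, session keys derived by hashing the shared secret together with per-session random data drawn from an entropy-seeded CSPRNG differ from session to session even when the shared secret repeats. The exchange hash and key derivation are simplified models of the SSH transport's K, H, X construction, and the shared secret and nonces are constructed values.

```python
import hashlib
import secrets

# --- A non-cryptographic PRNG: 32-bit linear congruential generator ----------
# Constants are illustrative textbook values, not taken from any SSH code.
LCG_M = 2 ** 32
LCG_A = 1664525
LCG_C = 1013904223


def lcg(seed, n):
    """Return n successive outputs of the LCG started from seed."""
    out = []
    x = seed % LCG_M
    for _ in range(n):
        x = (LCG_A * x + LCG_C) % LCG_M
        out.append(x)
    return out


def predict_next_lcg(outputs):
    """Recover the LCG multiplier and increment from three consecutive
    outputs (modulus assumed known) and predict the following output.

    This is the property the proposal rules out: once previous outputs are
    known, the next one is easily guessed, so a DH exponent drawn from such
    a generator is recoverable by anyone who observed earlier outputs.
    """
    x0, x1, x2 = outputs[-3:]
    # x1 = a*x0 + c and x2 = a*x1 + c (mod m), hence x2 - x1 = a*(x1 - x0).
    d = (x1 - x0) % LCG_M
    # With even (a - 1) and odd c every consecutive difference is odd and so
    # invertible modulo 2**32; pow() raises ValueError if it were not.
    a = ((x2 - x1) * pow(d, -1, LCG_M)) % LCG_M
    c = (x1 - a * x0) % LCG_M
    return (a * x2 + c) % LCG_M


# --- What the proposed text asks for instead ---------------------------------

def session_random(n=32):
    """Session-specific random data from the OS CSPRNG, which the kernel
    seeds from entropy sources of the kind RFC 1750 describes."""
    return secrets.token_bytes(n)


def exchange_hash(client_random, server_random, shared_secret):
    """Hash over the per-session random values and the shared secret.

    Stands in for the SSH exchange hash H; the real H also covers version
    strings, KEXINIT payloads and the host key, omitted here (assumption).
    """
    h = hashlib.sha256()
    for part in (client_random, server_random, shared_secret):
        h.update(len(part).to_bytes(4, "big") + part)  # length-prefixed
    return h.digest()


def derive_session_keys(shared_secret, h, session_id, labels=b"ABCDEF"):
    """Derive one key per label as HASH(K || H || label || session_id).

    Modelled on the SSH transport derivation; key lengths and the single
    hash invocation are simplifications for illustration.
    """
    keys = {}
    for label in labels:
        keys[bytes([label])] = hashlib.sha256(
            shared_secret + h + bytes([label]) + session_id
        ).digest()
    return keys


def run_session(shared_secret, client_random=None, server_random=None):
    """Simulate one key exchange: fresh per-session randomness binds the
    resulting keys to this session even when the shared secret repeats."""
    client_random = client_random or session_random()
    server_random = server_random or session_random()
    h = exchange_hash(client_random, server_random, shared_secret)
    # SSH uses the first exchange hash as session_id; same thing here.
    return derive_session_keys(shared_secret, h, session_id=h)


if __name__ == "__main__":
    outs = lcg(seed=12345, n=5)
    print("LCG outputs:", outs[:4])
    print("predicted next:", predict_next_lcg(outs[:4]), "actual:", outs[4])
    secret = b"constructed shared secret"  # constructed value
    first, second = run_session(secret), run_session(secret)
    print("same K, fresh session randomness, keys differ:", first != second)
```

The prediction step needs only the last three outputs and no knowledge of the seed, which is why seeding a non-cryptographic generator from a good entropy source does not rescue it: the outputs themselves leak the state. The CSPRNG path has no such shortcut, and the per-session nonces in the exchange hash ensure that even a repeated shared secret yields unrelated session keys.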




