IETF-SSH archive


3rd version - Proposal for New Section 11.1 PRNG



Hi,

How's this?  I punted on the PRNG and just replaced it with the proper
words as grammar dictates.  I worked in a sentence that originally appears
in Section 8 of [SSH-ARCH] and replaced the last sentence as that seems to
be consistent with the intent of that Section 8.

Thanks,
Chris

=========================================================================

11.1 Pseudo-Random Number Generation

   This protocol binds each session key to the session by including
   random, session specific data in the hash used to produce session
   keys.  Special care should be taken to ensure that all of the random
   numbers are of good quality.  If the random data here (e.g., DH
   parameters) are pseudo-random then the pseudo-random number generator
   should be cryptographically secure (i.e., its next output not easily
   guessed even when knowing all previous outputs) and, furthermore,
   proper entropy needs to be added to the pseudo-random number
   generator.  RFC 1750 [1750] offers suggestions for sources of random
   numbers and entropy.  Implementors should note the importance of
   entropy and the well-meant, anecdotal warning about the difficulty in
   properly implementing pseudo-random number generating functions.

   The amount of entropy available to a given client or server may
   sometimes be less than what is required.  In this case one must either
   resort to pseudo-random number generation regardless of insufficient
   entropy or refuse to run the protocol.  The latter is preferable.



[1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
       Recommendations for Security", RFC 1750, December 1994.
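An added illustration of the three requirements the proposed Section 11.1 text states, written for this archive page and not part of Chris's message, David's comments, or any SSH draft: session keys are bound to the session by hashing session-specific random data (the KEXINIT cookies) into the exchange hash; that random data must come from a cryptographically secure generator rather than a statistical PRNG whose next output can be guessed from previous ones; and a client or server whose entropy budget is short should refuse to run the protocol. The HASH(K || H || letter || session_id) derivation shape and the 16-byte cookie follow the SSH transport specification; everything else (the `EntropySource` bit budget, `REQUIRED_ENTROPY_BITS`, the 16-bit seed space used to show predictability) is constructed for this example and is not an interface any SSH implementation exposes.

```python
import hashlib
import random
import secrets
from typing import Dict, Optional, Tuple

COOKIE_LEN = 16               # length of the random KEXINIT cookie, in bytes
REQUIRED_ENTROPY_BITS = 256   # assumed policy threshold for this example only


class InsufficientEntropy(RuntimeError):
    """Raised when the entropy pool cannot support running the protocol."""


class EntropySource:
    """Constructed model of an entropy pool with a known bit budget.

    A real implementation would query the OS; the budget here is just a
    number so the refusal path can be exercised deterministically."""

    def __init__(self, available_bits: int) -> None:
        self.available_bits = available_bits

    def random_bytes(self, n: int) -> bytes:
        # Refuse to run rather than generate "regardless of insufficient
        # entropy", the option Section 11.1 calls less preferable.
        if self.available_bits < REQUIRED_ENTROPY_BITS:
            raise InsufficientEntropy(
                f"{self.available_bits} bits available, "
                f"{REQUIRED_ENTROPY_BITS} required")
        return secrets.token_bytes(n)   # OS-backed CSPRNG output


def starved_source_refuses(available_bits: int) -> bool:
    """True if a source with this budget refuses to hand out cookie bytes."""
    try:
        EntropySource(available_bits).random_bytes(COOKIE_LEN)
    except InsufficientEntropy:
        return True
    return False


def weak_cookie_pair(seed: int) -> Tuple[bytes, bytes]:
    """Two consecutive cookies from a statistical PRNG seeded with a small
    value: the kind of generator Section 11.1 rules out."""
    rng = random.Random(seed)
    return rng.randbytes(COOKIE_LEN), rng.randbytes(COOKIE_LEN)


def predict_next_weak_cookie(observed: bytes, seed_bits: int = 16) -> Optional[bytes]:
    """Given one observed cookie from weak_cookie_pair's generator, recover its
    state by searching the (constructed, deliberately small) seed space and
    return the *next* output.  Being able to do this is exactly what "its next
    output not easily guessed even when knowing all previous outputs" forbids."""
    for seed in range(1 << seed_bits):
        rng = random.Random(seed)
        if rng.randbytes(COOKIE_LEN) == observed:
            return rng.randbytes(COOKIE_LEN)
    return None


def exchange_hash(client_cookie: bytes, server_cookie: bytes,
                  shared_secret: bytes) -> bytes:
    """Simplified exchange hash H: both parties' session-specific cookies are
    hashed together with the agreed secret K, so H (and every key derived
    from it) is bound to this particular session."""
    h = hashlib.sha256()
    for part in (client_cookie, server_cookie, shared_secret):
        h.update(len(part).to_bytes(4, "big") + part)   # length-prefixed fields
    return h.digest()


def derive_key(K: bytes, H: bytes, letter: bytes, session_id: bytes) -> bytes:
    """HASH(K || H || letter || session_id), the SSH-TRANS key-derivation shape."""
    return hashlib.sha256(K + H + letter + session_id).digest()


def session_keys(src: EntropySource, K: bytes) -> Dict[str, bytes]:
    """One simplified key exchange: fresh CSPRNG cookies from each side, the
    exchange hash over them, then the six directional keys 'A'..'F'."""
    client_cookie = src.random_bytes(COOKIE_LEN)
    server_cookie = src.random_bytes(COOKIE_LEN)
    H = exchange_hash(client_cookie, server_cookie, K)
    session_id = H    # the first exchange hash also serves as session identifier
    return {letter: derive_key(K, H, letter.encode(), session_id)
            for letter in "ABCDEF"}


if __name__ == "__main__":
    good = EntropySource(512)
    k1 = session_keys(good, b"K" * 32)
    k2 = session_keys(good, b"K" * 32)
    print("same K, different sessions, different keys:", k1["A"] != k2["A"])
    first, second = weak_cookie_pair(1234)
    print("weak PRNG next output predicted:",
          predict_next_weak_cookie(first) == second)
    print("starved source refuses:", starved_source_refuses(64))
```

Two sessions that agree on the same shared secret still get different keys, because each party's fresh cookie enters the exchange hash; that is the "binds each session key to the session" property. The weak generator illustrates the other half of the requirement: once one output is observed, its small state is recoverable and the following cookie is known in advance, which no amount of later mixing in the hash can repair.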



On Fri, 16 May 2003, David M. Williams wrote:

> Chris,
>     I hope that my signal-to-noise ratio on comments hasn't gotten too
> low that I can't make a few comments on the PRNG section.
>
> Comments below:
>
> >============================================================
> >
> >11.1 PRNG
> >
> the acronym PRNG lacks a parenthetical reference at its first occurrence
> in the draft.
>
> s/PRNG/Pseudo-Random Number Generation/
> with the parenthetical reference in the following paragraphs or
>
> s/PRNG/Pseudo-Random Number Generator (PRNG)/
> This is probably not correct per the style RFC.
>
> also we seem to be using the acronym for both "generator" and
> "generation".  Do we care about the grammatical agreement?
>
> >
> >   This protocol binds each session key to the session by including
> >   random data that is specific to the session in the hash used to
> >
> maybe this is clearer,
> s/random data that is specific to the session/random, session specific data/
>
> >   produce session keys.  If the random data here (e.g., DH parameters)
> >   are pseudo-random then the PRNG should be cryptographically secure
> >   (i.e., its next output not easily guessed even when knowing all
> >   previous outputs) and, furthermore, entropy needs to be added to the
> >   PRNG.  RFC 1750 [1750] offers suggestions for sources of entropy.
> >   Implementors should note the importance of entropy and the well-meant,
> >   anecdotal warning about the difficulty in properly implementing PRNG
> >   functions.
> >
> s/PRNG functions/PRNGs/
> fixes the usage issue; now all uses reflect the implied "generator" usage.
>
> >
> >   The amount of entropy available to a given client or server sometimes
> >   may be less than what is needed to run the protocol.  In this case
> >
> s/sometimes may/may sometimes/
>
> s/to run the protocol/to provide
>
> >   one must either resort to PRNGs anyways or refuse to run the protocol.
> >
> s/anyways/regardless of insufficient entropy/
>
> >   In practice implementors will generally rely on some PRNG.
> >
> I'd like to suggest we drop this sentence.
>
> >
> >
> >
> >[1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
> >       Recommendations for Security", RFC 1750, December 1994.
> >
> >
> >
> >
> >
>
> --
> David M. Williams, CISSP		Phone: 505-665-8062
> Systems Engineer, CCN-2			Fax:   505-667-7942
> Los Alamos National Laboratory		Email: d_wllmsATlanlDOTgov
>
> "Nel mezzo del cammin di nostra vita / mi ritrouvai per una selva oscura /
> che la diritta via era smarrita" -Dante Aligheri
>
>
>