Dual_EC_DRBG

Dual_EC_DRBG

yustein
Hi,

Does OpenSSL use this by default? If not, where does a user choose which method to use for the CSPRNG?

Thanks,
Tony
Re: Dual_EC_DRBG

Dr. Stephen Henson
On Mon, Sep 23, 2013, yustein wrote:

> Hi,
>
> Does OpenSSL use this by default, if not where do a user choose which method
> to use for CSPRNG?
>

The default DRBG for OpenSSL is 256 bit AES CTR_DRBG.

The default can be changed by using the compile time flags:

-DOPENSSL_DRBG_DEFAULT_TYPE=type
-DOPENSSL_DRBG_DEFAULT_FLAG=flags

The default DRBG type can also be set at runtime before any other operations
are performed by calling:

void RAND_set_fips_drbg_type(int type, int flags);

Where "type" and "flags" have the same values as those indicated in the user
guide (section 6.1.2).

Future versions of OpenSSL will fail if an attempt is made to use the Dual EC
DRBG.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Dual_EC_DRBG

yustein
Thanks a lot! :)

Tony

Sent from my iPhone

Re: Dual_EC_DRBG

Steve Marquess-3
On 09/24/2013 07:27 AM, Dr. Stephen Henson wrote:
> ...
>
> Future versions of OpenSSL will fail if an attempt is made to use the Dual EC
> DRBG.

Note we're also looking into removing Dual EC DRBG from the OpenSSL FIPS
Object Module, a more difficult proposition as there are strict
restrictions on changes to FIPS 140-2 validated modules even to address
security issues.

For the typical user of the FIPS module accessing it via the "FIPS
capable" OpenSSL, the presence or absence of Dual EC DRBG in the FIPS
module itself will be moot once it disappears from OpenSSL proper. But,
in a few cases, the FIPS module is used directly.

Incidentally, I was the one who advocated the implementation of that
DRBG, along with the other three in SP800-90, on the grounds that a) it
was after all an official standard, b) OpenSSL already implements some
weak algorithms, and c) the deficiencies were so well known that surely
no one would be stupid enough to actually use it for any serious real
world applications. I was profoundly wrong about that.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
[hidden email]
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc

Re: Dual_EC_DRBG

yustein
Thanks :)

Sent from my iPhone
