tag:blogger.com,1999:blog-2217885481011815083.post7622113193885344295..comments2023-10-29T04:15:18.164-04:00Comments on The Diceware Security Blog: Critique of NIST Entropy Source Guidelines (SP800-90B) Arnold Reinholdhttp://www.blogger.com/profile/01656641568304119639noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-2217885481011815083.post-81782853021555477842019-03-11T00:28:21.088-04:002019-03-11T00:28:21.088-04:00What a fantastic publish! Other than the seriously...What a fantastic publish! Other than the seriously helpful ideas, it really is just really ! Thanks a great deal in your strategies!! <a href="https://www.picbear.org/" title="picbear" rel="nofollow">picbear</a>Sophie Gracehttps://www.blogger.com/profile/09769321133171248409noreply@blogger.comtag:blogger.com,1999:blog-2217885481011815083.post-64490156752780375412017-07-24T08:01:07.174-04:002017-07-24T08:01:07.174-04:00I am not a IT guy but always look for something to...I am not a IT guy but always look for something to learn about technology and such blogs always help me in this regard. Thank you for sharing this useful blog with us<a href="http://www.resumeplanets.org/">cv writing service</a>https://www.blogger.com/profile/09405505442642733937noreply@blogger.comtag:blogger.com,1999:blog-2217885481011815083.post-4084055520934546882014-08-14T14:56:13.774-04:002014-08-14T14:56:13.774-04:00Arnold,
The issue I raised at the NIST RNG worksho...Arnold,<br />The issue I raised at the NIST RNG workshop and included in my comments against SP800-90, goes a bit further with the testing argument. The XOR construction in SP800-90C requires that you XOR the output of the DRBG with the fresh seed from the conditioner to provide an ENRNG output. The stated reason is for a fallback - if the ES fails, the DRBG will cause you to fall back to the strength on the DRBG. This is nonsense. The DRBG is the largest part of the circuits by far. DRBG failures are more likely. Both the DRBG and the seed path to the ENRNG output rely on the OHT. So if there is an undetected failure in the OHT, then both the seed input to the ENRNG and the DRBG will be predictable and so the DRBG offers no benefit in the XOR construction. At the same time the inclusion of the DRBG makes an SP800-90 solution large and inappropriate for resource constrained solutions. <br /><br />So when we say the ES+OHT+Conditioner should be enough, it also means we are saying we trust the OHT+Conditioner pair to work. To say that we need the OHT+Conditioner pair to work in such a way that they promote and tolerate false positives in order to minimize false negatives. This is the opposite of what SP800-90 says. This needs fixing and a discussion of how to do that is in my comments to NIST.<br /><br />I concur completely with your argument that simplicity wins. It's easier to address the failure, side channel and interference issues in a small, simple design. In this respect SP800-90 fails us.<br />Anonymoushttps://www.blogger.com/profile/05627631587370230775noreply@blogger.com