Slashdot Mirror


NIST Updates Random Number Generation Guidelines

An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as we've learned that government agencies are keeping an eye on us and a lot of our security tools aren't as foolproof as we've thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number — crucial in many types of encryption. The update (as expected) removes a recommendation for the Dual_EC_DRBG algorithm. It also adds extra options for CTR_DRBG and points out examples for implementing SP 800-90A generators. The full document (PDF) is available online.

1 of 64 comments (clear)

  1. Bad RNG will make your crypto predictable by sinij · · Score: 4, Interesting

    One of they few poorly understood concepts in software development is that improperly initialized (called seeding) DRBG will break your crypto.

    For Linux, and especially for headless systems, use /dev/random for seeding. You want it to block if not enough randomness available.