On Sun, Aug 29, 2010 at 06:40:46PM +1200, Peter Gutmann wrote:
> Thor Lancelot Simon <t...@rek.tjls.com> writes:
>
> >That doesn't make any sense. DT in that generator is really meant to serve
> >the role of a counter, and, in fact, the test harness for that generator
> >*requires* it to be a counter.
> >
> >The seed for that generator is K.
>
> Well, at least in your opinion it is :-). And this illustrates the problem
> here, just from the small number of contributors to this thread (including
> some off-list ones) we've already had a whole pile of different opinions on
> how to apply the PRNGs, and as with the labs there's quite some leeway in the
> interpretations.

I'm sorry, I don't buy it. I am aware that some labs will not allow the use of actual time and date in DT to feed in additional entropy as the generator runs.

But when this discussion started, as far as I can tell you were claiming that some lab does not allow the use of non-deterministic entropy sources to seed the X9.17 generator *at all*. I don't believe that, because it amounts to telling you how and when to set K, which is the key used to key the cipher that is the core of this DRNG, and the how and when that you'd have to, in this case, be told, would appear to directly contradict the Derived Test Requirements.

Believe me, I was quite annoyed the first time I discovered I could not actually use the real date and time in DT, since that is the only measure that provides any resistance to keystream recovery in this generator between rekeyings. I think I've mentioned it before on this list. But that does not mean that you can't key the 9.17 generator from a hardware entropy source; it is really another question entirely.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com