On Thu, Mar 7, 2019 at 9:28 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

>
> The "CS" in "CSPRNG" stands for "cryptographically secure", and "CSPRNG" is
> defined in the BRs.
>

Yes.  There are various levels of qualification and quality for algorithms
and entropy sources bearing that designation and they've changed over the
years.


>
> > It
> > does not specify whether the 64-bits must be comprised of sequential bits
> > of data output by the CSPRNG,
>
> Nor does it need to.
>

Really, why not?  The rule says that 64-bits of output from a CSPRNG must
be utilized.  It does not clearly delineate that one can't be choosy about
which 64 to take.


>
> > nor does it specify that one is not permitted
> > to discard inconvenient values (assuming you seek replacement values from
> > the CSPRNG).
>
> If you generate a 64-bit random value, then discard some values based on
> any sort of quality test, the end result is a 64-bit value with
> less-than-64-bits of randomness.  The reduction in randomness depends on
> the exact quality function employed.
>

I understand well the reasons that entropy is desired and I understand well
exactly the way, mathematically, that this behavior would reduce total
entropy.  My complaint is that nothing in the rule demands an actual set
minimum amount of true entropy even though that result is clearly what was
really desired.
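
The entropy reduction described in the quoted text above, worked through as an added example that is not part of the original message. The three filters are constructed for illustration (they are not from the thread or the BRs); each closed-form count is checked by exhaustive enumeration at 16 bits before being applied at 64 bits.

```python
import math

# Constructed "quality" filters (hypothetical, not from the thread).
# Each entry: (predicate on an n-bit value, exact number of accepted n-bit values).
FILTERS = {
    # Keep only values whose most significant bit is 0.
    "top_bit_clear": (lambda v, n: v >> (n - 1) == 0,
                      lambda n: 1 << (n - 1)),
    # Keep only values in which no byte is 0x00 (n must be a multiple of 8).
    "no_zero_byte": (lambda v, n: all((v >> s) & 0xFF for s in range(0, n, 8)),
                     lambda n: 255 ** (n // 8)),
    # Keep everything except the all-zero value.
    "nonzero": (lambda v, n: v != 0,
                lambda n: (1 << n) - 1),
}


def accepted_by_enumeration(name, n):
    """Count accepted n-bit values by brute force (keep n small)."""
    pred, _ = FILTERS[name]
    return sum(1 for v in range(1 << n) if pred(v, n))


def check_counts(n=16):
    """Confirm each closed-form count matches enumeration at width n."""
    return all(accepted_by_enumeration(name, n) == count(n)
               for name, (_, count) in FILTERS.items())


def entropy_bits(name, n=64):
    """Entropy of an n-bit CSPRNG output after redrawing until the filter accepts.

    The result is uniform over the accepted set, so H = log2(|accepted|).
    """
    _, count = FILTERS[name]
    return math.log2(count(n))


if __name__ == "__main__":
    assert check_counts()
    for name in FILTERS:
        h = entropy_bits(name)
        print(f"{name:14s} {h:.4f} bits of entropy (loss {64 - h:.4f})")
```

Every output is still 64 bits long and every bit came from the CSPRNG, yet the entropy ranges from effectively 64 bits down to exactly 63 depending on the filter.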