On Tue, Jul 15, 2014 at 07:09:05AM -0700, Watson Ladd wrote:
> > Well, a large number of these uses should be done in the crypto
> > library -- since if the application writer can't tell the difference
> > between an IV and a session key, I'm not sure I want that person
> > anywhere near crypto code...
>
> What is the difference in how random they should be? There isn't one,
> and making it exposable in system policy invites
> all sorts of issues.
Some people believe, quite passionately, that there should be a
difference in at least some of those use cases. NIST believes that
there is a difference between what is output by a DRBG and what is
output by an NRBG, which is used to seed a DRBG. Presumably if you need to sell into the
US government market, you'll be forced to care as well, just as
companies who have US government customers are forced to deal with
FIPS whether or not it is actively harmful to security.
And I would *hope* that people would agree there should be a
difference between what is needed for a Monte Carlo simulation and
other various cryptographic use cases. (I've gotten bug reports from
people who insisted on using /dev/urandom for Monte Carlo simulations,
and who then complained when it was too slow for their purposes....)
So my including Monte Carlo simulations was quite deliberate --- I can
pretty much guarantee some clueless graduate student will come across
the interface, and decide to use it, and if we list "Monte Carlo
simulations" as one of the options, hopefully they will choose it and be happy.
- Ted
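As an added illustration of the DRBG/NRBG split discussed above (this is example code, not part of Ted's mail or of any kernel or NIST code): a minimal HMAC_DRBG in the SP 800-90A shape, seeded from the OS entropy source standing in for the NRBG. The names `HmacDrbg`, `drbg_from_os_entropy` and `simulation_stream`, the choice of SHA-256, and the use of `os.urandom` as the seed source are all assumptions; the point it shows is that the DRBG stream is fully determined by its seed (so a recorded seed reproduces a Monte Carlo run), while everything secret about it rests on the unpredictability of the NRBG output that seeded it.

```python
import hashlib
import hmac
import os
from typing import Optional


class HmacDrbg:
    # Minimal HMAC_DRBG (SP 800-90A 10.1.2) with SHA-256. Illustration only:
    # no reseed counter, personalization string or additional input, so it
    # is not a compliant implementation.
    OUTLEN = 32  # SHA-256 digest length in bytes

    def __init__(self, seed_material: bytes) -> None:
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed.
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(seed_material)

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: Optional[bytes]) -> None:
        # HMAC_DRBG_Update: fold provided_data (if any) into K and V.
        self.K = self._hmac(self.K, self.V + b"\x00" + (provided_data or b""))
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy_input: bytes) -> None:
        # Fresh NRBG output mixed into the state; the stream diverges from here.
        self._update(entropy_input)

    def generate(self, n_bytes: int) -> bytes:
        # HMAC_DRBG_Generate without additional input; the trailing update
        # gives backtracking resistance for the bytes just returned.
        out = b""
        while len(out) < n_bytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(None)
        return out[:n_bytes]


def drbg_from_os_entropy(n_seed_bytes: int = 48) -> HmacDrbg:
    # os.urandom stands in for the NRBG that seeds the DRBG (assumption).
    return HmacDrbg(os.urandom(n_seed_bytes))


def simulation_stream(seed: bytes, n_bytes: int) -> bytes:
    # Monte Carlo style use: a recorded seed yields a reproducible stream.
    return HmacDrbg(seed).generate(n_bytes)
```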
_______________________________________________
dsfjdssdfsd mailing list
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd