1750: Randomness Recommendations for Security.

HTML TXT PS PDF

Security systems today are built on increasingly strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. The sophisticated attacker of these security systems may find it easier to reproduce the environment that produced the secret quantities, searching the resulting small set of possibilities, than to locate the quantities in the whole of the number space.

Status INFORMATIONAL
Format TXT=73842 bytes
Authors J. Schiller S. Crocker D. Eastlake
Date December 1994
Keyphrases random bits Security key

Obsoleted by

RFC4086: Randomness Requirements for Security. D. Eastlake, 3rd,

References

RFC1319: The MD2 Message-Digest Algorithm.
RFC1320: The MD4 Message-Digest Algorithm.
RFC1321: The MD5 Message-Digest Algorithm.
RFC1421: Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures.
RFC1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management.
RFC1423: Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers.
RFC1424: Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services.

Referenced by

RFC1889: RTP: A Transport Protocol for Real-Time Applications. Audio-Video Transport Working Group,
RFC1948: Defending Against Sequence Number Attacks.
RFC2002: IP Mobility Support.
RFC2065: Domain Name System Security Extensions.
RFC2405: The ESP DES-CBC Cipher Algorithm With Explicit
RFC2411: IP Security Document Roadmap.
RFC2412: The OAKLEY Key Determination Protocol.
RFC2433: Microsoft PPP CHAP Extensions.
RFC2440: OpenPGP Message Format.
RFC2536: DSA KEYs and SIGs in the Domain Name System (DNS).
RFC2541: DNS Security Operational Considerations.
RFC2543: SIP: Session Initiation Protocol.
RFC2630: Cryptographic Message Syntax.
RFC2633: S/MIME Version 3 Message Specification.
RFC2759: Microsoft PPP CHAP Extensions, Version 2.
RFC2777: Publicly Verifiable Nomcom Random Selection.
RFC2786: Diffie-Helman USM Key Management Information Base and Textual Convention.
RFC2828: Internet Security Glossary.
RFC2845: Secret Key Transaction Authentication for DNS (TSIG).
RFC2848: The PINT Service Protocol: Extensions to SIP and SDP for IP Access to Telephone Call Services.
RFC2857: The Use of HMAC-RIPEMD-160-96 within ESP and
RFC2919: List-Id: A Structured Field and Namespace for the Identification of Mailing Lists.
RFC2930: Secret Key Establishment for DNS (TKEY RR).
RFC2943: TELNET Authentication Using
RFC2951: TELNET Authentication Using KEA and
RFC2960: Stream Control Transmission Protocol.
RFC3012: Mobile IPv4 Challenge/Response Extensions.
RFC3041: Privacy Extensions for Stateless Address Autoconfiguration in IPv6.
RFC3075: XML-Signature Syntax and Processing.
RFC3174: US Secure Hash Algorithm 1 (SHA1).
RFC3217: Triple-DES and RC2 Key Wrapping.
RFC3220: IP Mobility Support for IPv4.
RFC3257: Stream Control Transmission Protocol Applicability Statement.
RFC3261: SIP: Session Initiation Protocol.
RFC3275: (Extensible Markup Language) XML-Signature Syntax and Processing.
RFC3307: Allocation Guidelines for IPv6 Multicast Addresses.
RFC3344: IP Mobility Support for IPv4.
RFC3369: Cryptographic Message Syntax (CMS).
RFC3370: Cryptographic Message Syntax (CMS) Algorithms.
RFC3514: The Security Flag in the IPv4 Header.
RFC3537: Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES) Key.
RFC3539: Authentication, Authorization and Accounting (AAA) Transport Profile.
RFC3550: RTP: A Transport Protocol for Real-Time Applications.
RFC3560: Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS).
RFC3562: Key Management Considerations for the TCP MD5 Signature Option.
RFC3565: Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS).
RFC3631: Security Mechanisms for the Internet.
RFC3697: IPv6 Flow Label Specification.
RFC3711: The Secure Real-time Transport Protocol (SRTP).
RFC3748: Extensible Authentication Protocol (EAP).
RFC3766: Determining Strengths For Public Keys Used For Exchanging Symmetric Keys.
RFC3775: Mobility Support in IPv6.
RFC3797: Publicly Verifiable Nominations Committee (NomCom) Random Selection.
RFC3819: Advice for Internet Subnetwork Designers.
RFC3821: Fibre Channel Over TCP/IP (FCIP).
RFC3830: MIKEY: Multimedia Internet KEYing.
RFC3851: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification.
RFC3852: Cryptographic Message Syntax (CMS).
RFC3885: SMTP Service Extension for Message Tracking.
RFC3920: Extensible Messaging and Presence Protocol (XMPP): Core.
RFC3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3).
RFC3957: Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4.
RFC3972: Cryptographically Generated Addresses (CGA).
RFC4055: Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.
RFC4056: Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS).
RFC4086: Randomness Requirements for Security. D. Eastlake, 3rd,
RFC4122: A Universally Unique IDentifier (UUID) URN Namespace.
RFC4271: A Border Gateway Protocol 4 (BGP-4).
RFC4460: Stream Control Transmission Protocol (SCTP) Specification Errata and Issues.
RFC4568: Session Description Protocol (SDP) Security Descriptions for Media Streams.
RFC4650: HMAC-Authenticated Diffie-Hellman for Multimedia Internet KEYing (MIKEY).