BCP 106

RFC 4086

Randomness Requirements for Security, June 2005

File formats:
icon for text file icon for PDF icon for HTML icon for inline errata
Status:
BEST CURRENT PRACTICE
Obsoletes:
RFC 1750
Authors:
D. Eastlake 3rd
J. Schiller
S. Crocker
Stream:
IETF
Source:
NON WORKING GROUP

Cite this BCP: TXT

Discuss this RFC: Send questions or comments to the mailing list iesg@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC


Abstract

Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space.

Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search