{"draft":"draft-eastlake-randomness2-10","doc_id":"RFC4086","title":"Randomness Requirements for Security","authors":["D. Eastlake 3rd","J. Schiller","S. Crocker"],"format":["ASCII","HTML"],"page_count":"48","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"IETF - NON WORKING GROUP","abstract":"Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts.  However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities.  The use of pseudo-random\r\nprocesses to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the\r\nresulting small set of possibilities than to locate the quantities in the whole of the potential number space.\r\n\r\nChoosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult.  This document points out many pitfalls in using poor entropy sources or traditional pseudo-random\r\nnumber generation techniques for generating such quantities.  It recommends the use of truly random hardware techniques and shows that\r\nthe existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.","pub_date":"May 2005","keywords":["cryptographic algorithms","passwords","cryptographic keys","pseudo-random","random","numbers","seed"],"obsoletes":["RFC1750"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":["BCP0106"],"doi":"10.17487\/RFC4086","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc4086"}