David Stutzman wrote:
We are attempting to add the random K back into an implementation of the DSA algorithm that doesn't currently have it. It uses a 20 byte K seed that it uses to compute a K but that number never changes. We would like to toss that out and use a random 20 byte number. I looked around and found the NSPR method PR_GetRandomNoise. Would that be ok to use for this purpose or is there something better?
Don't use PR_GetRandomNoise. It is designed for this purpose, but its implementation is incomplete.

What did you mean by K seed? Is it the KKEY variable in the algorithm of FIPS 186-2 Appendix 3.2?

You can generate K seed using NSS's RNG, or you can use /dev/urandom on Unix and CryptoAPI's RNG on Windows. NSS uses /dev/urandom and CryptoAPI's RNG to generate some seed material for its RNG. You can look at our code:
http://lxr.mozilla.org/security/ident?i=RNG_SystemRNG

Wan-Teh

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
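As an added illustration of the reply's advice (this is not code from the thread, from NSPR or from NSS), the C example below draws a fresh per-signature k from /dev/urandom and rejection-samples it into the range 0 < k < q for the 160-bit q of FIPS 186-2 DSA. The function names, the scripted byte source and the placeholder q are my own constructions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DSA_Q_BYTES 20 /* 160-bit q, the size used by FIPS 186-2 DSA */

/* Byte source callback: fill buf with len random bytes, return 0 on success.
   Keeping it a callback lets NSS's RNG or CryptoAPI be swapped in instead. */
typedef int (*rand_fn)(uint8_t *buf, size_t len);

/* Unix source, as the reply suggests: read straight from /dev/urandom. */
static int urandom_bytes(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Draw a fresh per-signature k with 0 < k < q. Both are big-endian 20-byte
   integers, so memcmp is a correct magnitude comparison. Out-of-range draws
   are rejected and redrawn rather than reduced mod q, which would bias k.
   Returns the number of draws used, or -1 on RNG failure. */
int dsa_random_k(const uint8_t q[DSA_Q_BYTES], uint8_t k[DSA_Q_BYTES], rand_fn rng) {
    static const uint8_t zero[DSA_Q_BYTES] = {0};
    for (int draws = 1; draws <= 64; draws++) {
        if (rng(k, DSA_Q_BYTES) != 0) return -1;
        if (memcmp(k, zero, DSA_Q_BYTES) != 0 && memcmp(k, q, DSA_Q_BYTES) < 0)
            return draws;
    }
    return -1; /* only reachable with an absurdly small q or a broken source */
}

/* Constructed, deterministic source that exercises the rejection loop:
   draw 1 is >= q, draw 2 is zero, draw 3 is in range. Demo/test use only. */
static int scripted_pos = 0;
static int scripted_bytes(uint8_t *buf, size_t len) {
    switch (scripted_pos++) {
    case 0: memset(buf, 0xFF, len); return 0;                   /* k >= q: rejected */
    case 1: memset(buf, 0x00, len); return 0;                   /* k == 0: rejected */
    case 2: memset(buf, 0x00, len); buf[len - 1] = 7; return 0; /* 0 < k < q: accepted */
    default: return -1;
    }
}

int main(void) {
    uint8_t q[DSA_Q_BYTES] = {0xC4}; /* placeholder q: 0xC4 then 19 zero bytes */
    uint8_t k[DSA_Q_BYTES];
    if (dsa_random_k(q, k, urandom_bytes) < 0) return 1;
    for (int i = 0; i < DSA_Q_BYTES; i++) printf("%02x", k[i]);
    printf("\n");
    memset(k, 0, sizeof k); /* k is secret: wipe it once the signature is made */
    return 0;
}
```

A k that is reused across signatures, as in the questioner's fixed-seed implementation, defeats DSA, so the draw must happen anew for every signature and never be stored.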