David Stutzman wrote:
We are attempting to add the random K back into an implementation of the DSA algorithm that doesn't currently have it. It uses a 20-byte K seed that it uses to compute a K, but that number never changes. We would like to toss that out and use a random 20-byte number. I looked around and found the NSPR method PR_GetRandomNoise. Would that be OK to use for this purpose, or is there something better?

Don't use PR_GetRandomNoise.  It is designed for this
purpose, but its implementation is incomplete.

What did you mean by K seed?  Is it the KKEY variable
in the algorithm of FIPS 186-2 Appendix 3.2?

You can generate K seed using NSS's RNG, or you can use
/dev/urandom on Unix and CryptoAPI's RNG on Windows.
NSS uses /dev/urandom and CryptoAPI's RNG to generate
some seed material for its RNG.  You can look at our code:
http://lxr.mozilla.org/security/ident?i=RNG_SystemRNG

Wan-Teh
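An added example, not code from the thread or from NSS, showing the /dev/urandom route Wan-Teh describes in Python: k is drawn from os.urandom (which reads /dev/urandom on Unix and the system CSPRNG on Windows) and rejection-sampled into [1, q-1], and a second function flags a repeated r across signatures, which is how a fixed k shows up from the outside. The q value is constructed for illustration; a real deployment takes q from its own DSA parameters.

```python
import os
from collections import Counter

# Constructed 160-bit subgroup order for this example only. FIPS 186-2 DSA
# uses a 160-bit q, which is why the thread talks about a 20-byte k.
Q = 2**160 - 47
K_BYTES = (Q.bit_length() + 7) // 8      # 20 bytes for a 160-bit q


def random_k(q=Q, rng=os.urandom):
    """Return a fresh DSA per-signature secret k with 0 < k < q.

    rng(n) must return n bytes from a CSPRNG; the default os.urandom is the
    /dev/urandom / CryptoAPI source the reply points at. Rejection sampling
    keeps k uniform on [1, q-1] instead of biasing it with a plain mod q.
    """
    nbytes = (q.bit_length() + 7) // 8
    while True:
        k = int.from_bytes(rng(nbytes), "big")
        if 0 < k < q:
            return k


def repeated_r(signatures):
    """Detection check: return the r values that occur more than once.

    signatures is an iterable of (r, s) pairs made under one key. Since r
    depends only on k and the public parameters, a fixed k yields the same
    r for every message, so a repeated r is the visible symptom of the
    defect the thread is fixing.
    """
    counts = Counter(r for r, _ in signatures)
    return {r for r, n in counts.items() if n > 1}


if __name__ == "__main__":
    # Five draws from the system RNG should give five distinct values.
    ks = [random_k() for _ in range(5)]
    print("distinct k values:", len(set(ks)))
```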

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto