RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 5 records.

Status: Reported (1)

RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4960

Status: Reported
Type: Technical

Reported By: Nikolai Malykh
Date Reported: 2017-03-09

Section 8.2.1 says:

   If the adversary can command a highly parallel processor or a large
   network of work stations, 10^11 cycles per second is probably a
   minimum assumption today.  Looking forward a few years, there should
   be at least an order of magnitude improvement.  Thus, it is
   reasonable to assume that 10^10 keys could be checked per second, or
   3.6*10^12 per hour or 6*10^14 per week, or 2.4*10^15 per month. 

It should say:

   If the adversary can command a highly parallel processor or a large
   network of work stations, 10^11 cycles per second is probably a
   minimum assumption today.  Looking forward a few years, there should
   be at least an order of magnitude improvement.  Thus, it is
   reasonable to assume that 10^10 keys could be checked per second, or
   3.6*10^13 per hour or 8.6*10^14 per week, or 2.6*10^16 per month. 

Notes:

Incorrect values.

Status: Held for Document Update (3)

RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3105

Status: Held for Document Update
Type: Technical

Reported By: Florian Weimer
Date Reported: 2012-02-05
Held for Document Update by: Sean Turner

Section 6.2.2 says:

   If one uses no more than the:

         log  ( log  ( s  ) )
            2      2    i

   low-order bits, then predicting any additional bits from a sequence
   generated in this manner is provably as hard as factoring n.

It should say:

(see below)

Notes:

As noted by Koblitz and Menezes in "Another look at provable security II", <http://eprint.iacr.org/2006/229.pdf>, this recommendation is based on a misinterpretation of the big-O notation. The claim about provable security is therefore misleading.

Errata ID: 3426

Status: Held for Document Update
Type: Editorial

Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick

Section 7.2.1 says:

In the subsections below, the HMAC hash construct is simply referred
to as HMAC but, of course, a particular standard SHA function must be
selected in an particular use.

It should say:

In the subsections below, the HMAC hash construct is simply referred
to as HMAC but, of course, a particular standard SHA function must be 
selected in a particular use.

Notes:

a grammatical nit

Errata ID: 3427

Status: Held for Document Update
Type: Editorial

Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick

Section 7.2.1.1 says:

In the following sections, the notation give below is used:

It should say:

In the following sections, the notation given below is used:

Notes:

a grammatical nit

Status: Rejected (1)

RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3106

Status: Rejected
Type: Technical

Reported By: Florian Weimer
Date Reported: 2012-02-05
Rejected by: Sean Turner
Date Rejected: 2012-05-06

Section 4.4 says:

(see below)

It should say:

(remove entire section)

Notes:

Compression is not suitable for de-skewing, even if headers are removed. For most compression algorithms, discriminators are known. For instance, in gzip output, the most significant bit of each byte is set with a frequency somewhat above 0.501 (except for small inputs). This means that the output is not uniformly distributed even when looking at isolated bytes.

I recommend removal of the entire section.
--VERIFIER NOTES--
I agree with the author:

Just to be crystal clear, I believe there is no "error" here. Just a
judgement call as to whether Section 4.4 should have been included. My
judgement that it should be included was ratified by the IETF at the
time the RFC was approved.

Report New Errata