RFC Errata
Found 6 records.
Status: Verified (2)
RFC 4086, "Randomness Requirements for Security", June 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 4960
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Nikolai Malykh
Date Reported: 2017-03-09
Verifier Name: Paul Wouters
Date Verified: 2023-08-03
Section 8.2.1 says:
If the adversary can command a highly parallel processor or a large network of work stations, 10^11 cycles per second is probably a minimum assumption today. Looking forward a few years, there should be at least an order of magnitude improvement. Thus, it is reasonable to assume that 10^10 keys could be checked per second, or 3.6*10^12 per hour or 6*10^14 per week, or 2.4*10^15 per month.
It should say:
If the adversary can command a highly parallel processor or a large network of work stations, 10^11 cycles per second is probably a minimum assumption today. Looking forward a few years, there should be at least an order of magnitude improvement. Thus, it is reasonable to assume that 10^10 keys could be checked per second, or 3.6*10^13 per hour or 8.6*10^14 per week, or 2.6*10^16 per month.
Notes:
Incorrect values.
AD Note: The proposed corrected text is also incorrect though. The number 8.6*10^14 is per day, not per week. The per week number is 6.48 * 10^15. The proposed updated numbers for per hour and per month are a correct update. So the proposed final text should be:
or 3.6*10^13 per hour or 6.48 * 10^15 per week, or 2.6*10^16 per month.
Errata ID: 5386
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: David Jonasson
Date Reported: 2018-06-08
Verifier Name: Paul Wouters
Date Verified: 2023-08-03
Throughout the document, when it says:
[DoD] "Password Management Guideline", United States of America, Department of Defense, Computer Security Center, CSC-STD-002-85, April 1885.
It should say:
[DoD] "Password Management Guideline", United States of America, Department of Defense, Computer Security Center, CSC-STD-002-85, April 1985.
Notes:
This Informative Reference had the wrong century as publish date.
Status: Held for Document Update (3)
Errata ID: 3105
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Florian Weimer
Date Reported: 2012-02-05
Held for Document Update by: Sean Turner
Section 6.2.2 says:
If one uses no more than the $\log_2(\log_2(s_i))$ low-order bits, then predicting any additional bits from a sequence generated in this manner is provably as hard as factoring n.
It should say:
(see below)
Notes:
As noted by Koblitz and Menezes in "Another look at provable security II", <http://eprint.iacr.org/2006/229.pdf>, this recommendation is based on a misinterpretation of the big-O notation. The claim about provable security is therefore misleading.
Errata ID: 3426
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick
Section 7.2.1 says:
In the subsections below, the HMAC hash construct is simply referred to as HMAC but, of course, a particular standard SHA function must be selected in an particular use.
It should say:
In the subsections below, the HMAC hash construct is simply referred to as HMAC but, of course, a particular standard SHA function must be selected in a particular use.
Notes:
a grammatical nit
Errata ID: 3427
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick
Section 7.2.1.1 says:
In the following sections, the notation give below is used:
It should say:
In the following sections, the notation given below is used:
Notes:
a grammatical nit
Status: Rejected (1)
Errata ID: 3106
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Florian Weimer
Date Reported: 2012-02-05
Rejected by: Sean Turner
Date Rejected: 2012-05-06
Section 4.4 says:
(see below)
It should say:
(remove entire section)
Notes:
Compression is not suitable for de-skewing, even if headers are removed. For most compression algorithms, discriminators are known. For instance, in gzip output, the most significant bit of each byte is set with a frequency somewhat above 0.501 (except for small inputs). This means that the output is not uniformly distributed even when looking at isolated bytes.
I recommend removal of the entire section.
--VERIFIER NOTES--
I agree with the author:
Just to be crystal clear, I believe there is no "error" here. Just a
judgement call as to whether Section 4.4 should have been included. My
judgement that it should be included was ratified by the IETF at the
time the RFC was approved.