RFC Errata


RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3105
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Florian Weimer
Date Reported: 2012-02-05
Held for Document Update by: Sean Turner

Section 6.2.2 says:

   If one uses no more than the log_2(log_2(s_i)) low-order bits, then
   predicting any additional bits from a sequence generated in this
   manner is provably as hard as factoring n.

It should say:

(see below)

Notes:

As noted by Koblitz and Menezes in "Another look at provable security II", <http://eprint.iacr.org/2006/229.pdf>, this recommendation is based on a misinterpretation of the big-O notation. The claim about provable security is therefore misleading.
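Section 6.2.2 of RFC 4086 describes the Blum Blum Shub generator: s_{i+1} = s_i^2 mod n, with n = p*q and p = q = 3 (mod 4). The Python below is an illustration added to this errata record; it is not code from the RFC or from the reporter. It implements the recurrence with the number of low-order bits taken per step left as an explicit parameter, and separately computes the floor(log_2(log_2(x))) figure that the quoted text would allow, so the two can be compared. The modulus 11 * 19 = 209 and the seed 3 are constructed toy values with no security whatsoever; the function names are this example's own.

```python
from typing import List


def make_blum_modulus(p: int, q: int) -> int:
    """Return n = p*q after checking the Blum-integer condition p = q = 3 (mod 4).

    Primality of p and q is assumed by the caller (toy values below are
    constructed for illustration only).
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    return p * q


def bbs_next(s: int, n: int) -> int:
    """One step of the Blum Blum Shub recurrence: s_{i+1} = s_i^2 mod n."""
    return pow(s, 2, n)


def rfc4086_bit_budget(x: int) -> int:
    """floor(log_2(floor(log_2(x)))) for x >= 2.

    This is the per-step bit count the quoted RFC 4086 text would permit when
    applied to x.  Since every state s_i is below the modulus, passing n gives
    an upper bound on the figure for any s_i.  The erratum notes this bound
    rests on a misreading of asymptotic notation, so it is computed here only
    to show what the text says, not as a recommendation.
    """
    if x < 2:
        raise ValueError("x must be at least 2")
    log2_x = x.bit_length() - 1          # floor(log_2(x))
    return log2_x.bit_length() - 1       # floor(log_2(log2_x))


def bbs_bits(seed: int, n: int, bits_per_step: int, nbits: int) -> List[int]:
    """Generate nbits output bits, taking bits_per_step low-order bits of each
    successive state (most significant of the extracted chunk first).

    The seed must be coprime to n; bits_per_step is deliberately a caller
    choice rather than derived from rfc4086_bit_budget().
    """
    if bits_per_step < 1:
        raise ValueError("bits_per_step must be positive")
    out: List[int] = []
    s = seed
    mask = (1 << bits_per_step) - 1
    while len(out) < nbits:
        s = bbs_next(s, n)
        chunk = s & mask
        for k in range(bits_per_step - 1, -1, -1):
            out.append((chunk >> k) & 1)
    return out[:nbits]


if __name__ == "__main__":
    # Constructed toy parameters: 11 and 19 are both 3 mod 4, n = 209.
    n_toy = make_blum_modulus(11, 19)
    budget_toy = rfc4086_bit_budget(n_toy)
    print("toy modulus", n_toy, "quoted-text bit budget per step:", budget_toy)
    print("first 10 bits:", bbs_bits(3, n_toy, budget_toy, 10))
    # For a 1024-bit modulus the quoted formula yields floor(log_2(1024)) = 10.
    print("bit budget at 2^1024:", rfc4086_bit_budget(1 << 1024))
```

With n = 209 the successive states from seed 3 are 9, 81, 82, 36, 42, and the quoted formula allows 2 bits per step, so the first ten output bits are 0 1 0 1 1 0 0 0 1 0. For a 1024-bit modulus the same formula gives 10 bits per step; whether that many bits are actually justified by a reduction to factoring is exactly the point the erratum disputes.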
