Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

Found 2 records.

Status: Verified (2)

RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4960
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Nikolai Malykh
Date Reported: 2017-03-09
Verifier Name: Paul Wouters
Date Verified: 2023-08-03

Section 8.2.1 says:

   If the adversary can command a highly parallel processor or a large
   network of work stations, 10^11 cycles per second is probably a
   minimum assumption today.  Looking forward a few years, there should
   be at least an order of magnitude improvement.  Thus, it is
   reasonable to assume that 10^10 keys could be checked per second, or
   3.6*10^12 per hour or 6*10^14 per week, or 2.4*10^15 per month. 

It should say:

   If the adversary can command a highly parallel processor or a large
   network of work stations, 10^11 cycles per second is probably a
   minimum assumption today.  Looking forward a few years, there should
   be at least an order of magnitude improvement.  Thus, it is
   reasonable to assume that 10^10 keys could be checked per second, or
   3.6*10^13 per hour or 8.6*10^14 per week, or 2.6*10^16 per month. 

Notes:

Incorrect values.

AD Note: The proposed corrected text is also incorrect though. The number 8.6*10^14 is per day, not per week. The per week number is 6.48 * 10^15. The proposed updated numbers for per hour and per month are a correct update. So the proposed final text should be:

or 3.6*10^13 per hour or 6.48 * 10^15 per week, or 2.6*10^16 per month.

Errata ID: 5386
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: David Jonasson
Date Reported: 2018-06-08
Verifier Name: Paul Wouters
Date Verified: 2023-08-03

Throughout the document, when it says:

   [DoD]           "Password Management Guideline", United States of
                   America, Department of Defense, Computer Security
                   Center, CSC-STD-002-85, April 1885.

It should say:

   [DoD]           "Password Management Guideline", United States of
                   America, Department of Defense, Computer Security
                   Center, CSC-STD-002-85, April 1985.

Notes:

This Informative Reference had the wrong century as publish date.

Report New Errata