Randomness Requirements for Security

Network Working Group D. Eastlake, 3rd Request for Comments: 4086 Motorola Laboratories BCP: 106 J. Schiller Obsoletes: 1750 MIT Category: Best Current Practice S. Crocker June 2005 Randomness Requirements for Security Status of This Memo This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo- security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than ... Read full article.