Hi All,
OpenSSL uses 256-bit AES-CTR DRBG as the default DRBG in FIPS mode. I have a question associated with this.
1. The OpenSSL wiki says: Default DRBG is 256-bit CTR AES using a derivation function
2. Whereas the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf mentions "no derivation function" in one place and in another section mentions both:
Section 4 Modes of Operation and Cryptographic Functionality
    Random Number Generation; Symmetric key generation
    [SP 800-90] DRBG5, Prediction resistance supported for all variations
        Hash DRBG
        HMAC DRBG, no reseed
        CTR DRBG (AES), no derivation function
Section 6 Selftest
    DRBG KAT
        CTR_DRBG: AES, 256 bit with and without derivation function
Can anyone please let me know what the default behavior is? Is there any way to toggle between using and not using the derivation function?
Regards
Jayalakshmi