RFC Errata Report » RFC Editor
RFC 4086, "Randomness Requirements for Security", June 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 3105
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Florian Weimer
Date Reported: 2012-02-05
Held for Document Update by: Sean Turner
Section 6.2.2 says:
If one uses no more than the log_2(log_2(s_i)) low-order bits, then predicting any additional bits from a sequence generated in this manner is provably as hard as factoring n.
It should say:
(see below)
Notes:
As noted by Koblitz and Menezes in "Another look at provable security II", <https://eprint.iacr.org/2006/229.pdf>, this recommendation is based on a misinterpretation of the big-O notation. The claim about provable security is therefore misleading.
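The bit-extraction rule quoted from Section 6.2.2, applied to the generator that section describes (Blum Blum Shub: s_{i+1} = s_i^2 mod n with n = p*q, p and q both 3 mod 4), as an added example that is not part of the RFC or of this errata record. The modulus 209 = 11 * 19 and seed 3 are constructed toy values, and the function names are mine; the example shows what taking at most floor(log_2(log_2(s_i))) low-order bits per squaring actually yields, including the roughly 10 bits per squaring it allows for a 2048-bit state, which is the throughput the disputed proof was read as justifying.

```python
# Added example: Blum Blum Shub states and the RFC 4086 6.2.2 output limit.
# Not code from RFC 4086 or the errata; toy modulus 209 = 11 * 19 is constructed.
from typing import List, Tuple


def rfc4086_bits_per_state(s: int) -> int:
    """floor(log2(log2(s))) using integer arithmetic only.

    bit_length() - 1 is floor(log2(x)) for x >= 1, and flooring the inner
    log2 does not change the floor of the outer one, so no floats are needed.
    """
    if s < 2:
        return 0
    inner = s.bit_length() - 1            # floor(log2(s)), at least 1 here
    return inner.bit_length() - 1         # floor(log2(inner))


def bbs_states(n: int, seed: int, count: int) -> List[int]:
    """States s_1 .. s_count with s_0 = seed and s_{i+1} = s_i^2 mod n."""
    states, s = [], seed
    for _ in range(count):
        s = pow(s, 2, n)
        states.append(s)
    return states


def bbs_bits(n: int, seed: int, nbits: int,
             max_steps: int = 10_000) -> Tuple[List[int], int]:
    """Emit nbits output bits, taking at most floor(log2(log2(s_i)))
    low-order bits (least significant first) from each state s_i.

    Returns (bits, number of squarings performed).  With a tiny modulus a
    state can be too small to yield any bit, so a step budget guards the loop.
    """
    bits, s, steps = [], seed, 0
    while len(bits) < nbits and steps < max_steps:
        s = pow(s, 2, n)
        steps += 1
        k = rfc4086_bits_per_state(s)
        for j in range(min(k, nbits - len(bits))):
            bits.append((s >> j) & 1)
    if len(bits) < nbits:
        raise RuntimeError("generator stalled before producing enough bits")
    return bits, steps


if __name__ == "__main__":
    print(bbs_states(209, 3, 10))             # toy sequence for inspection
    print(bbs_bits(209, 3, 8))
    # A 2048-bit modulus gives at most 10 bits per modular squaring.
    print(rfc4086_bits_per_state((1 << 2048) - 1))
```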