Found 6 records.
Status: Verified (2)
RFC 4086, "Randomness Requirements for Security", June 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 4960
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Nikolai Malykh
Date Reported: 2017-03-09
Verifier Name: Paul Wouters
Date Verified: 2023-08-03
Section 8.2.1 says:
If the adversary can command a highly parallel processor or a large network of work stations, 10^11 cycles per second is probably a minimum assumption today. Looking forward a few years, there should be at least an order of magnitude improvement. Thus, it is reasonable to assume that 10^10 keys could be checked per second, or 3.6*10^12 per hour or 6*10^14 per week, or 2.4*10^15 per month.
It should say:
If the adversary can command a highly parallel processor or a large network of work stations, 10^11 cycles per second is probably a minimum assumption today. Looking forward a few years, there should be at least an order of magnitude improvement. Thus, it is reasonable to assume that 10^10 keys could be checked per second, or 3.6*10^13 per hour or 8.6*10^14 per week, or 2.6*10^16 per month.
Notes:
Incorrect values.
AD Note: The proposed corrected text is also incorrect though. The number 8.6*10^14 is per day, not per week. The per week number is 6.48 * 10^15. The proposed updated numbers for per hour and per month are a correct update. So the proposed final text should be:
or 3.6*10^13 per hour or 6.48 * 10^15 per week, or 2.6*10^16 per month.
Errata ID: 5386
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: David Jonasson
Date Reported: 2018-06-08
Verifier Name: Paul Wouters
Date Verified: 2023-08-03
Throughout the document, when it says:
[DoD] "Password Management Guideline", United States of America, Department of Defense, Computer Security Center, CSC-STD-002-85, April 1885.
It should say:
[DoD] "Password Management Guideline", United States of America, Department of Defense, Computer Security Center, CSC-STD-002-85, April 1985.
Notes:
This Informative Reference had the wrong century as publish date.
Status: Held for Document Update (3)
RFC 4086, "Randomness Requirements for Security", June 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 3105
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Florian Weimer
Date Reported: 2012-02-05
Held for Document Update by: Sean Turner
Section 6.2.2 says:
If one uses no more than the log_2(log_2(s_i)) low-order bits, then predicting any additional bits from a sequence generated in this manner is provably as hard as factoring n.
It should say:
(see below)
Notes:
As noted by Koblitz and Menezes in "Another look at provable security II", <https://eprint.iacr.org/2006/229.pdf>, this recommendation is based on a misinterpretation of the big-O notation. The claim about provable security is therefore misleading.
Errata ID: 3426
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick
Section 7.2.1 says:
In the subsections below, the HMAC hash construct is simply referred to as HMAC but, of course, a particular standard SHA function must be selected in an particular use.
It should say:
In the subsections below, the HMAC hash construct is simply referred to as HMAC but, of course, a particular standard SHA function must be selected in a particular use.
Notes:
a grammatical nit
Errata ID: 3427
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2012-12-10
Held for Document Update by: Pete Resnick
Section 7.2.1.1 says:
In the following sections, the notation give below is used:
It should say:
In the following sections, the notation given below is used:
Notes:
a grammatical nit
Status: Rejected (1)
RFC 4086, "Randomness Requirements for Security", June 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 3106
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Florian Weimer
Date Reported: 2012-02-05
Rejected by: Sean Turner
Date Rejected: 2012-05-06
Section 4.4 says:
(see below)
It should say:
(remove entire section)
Notes:
Compression is not suitable for de-skewing, even if headers are removed. For most compression algorithms, discriminators are known. For instance, in gzip output, the most significant bit of each byte is set with a frequency somewhat above 0.501 (except for small inputs). This means that the output is not uniformly distributed even when looking at isolated bytes.
I recommend removal of the entire section.
--VERIFIER NOTES--
I agree with the author:
Just to be crystal clear, I believe there is no "error" here. Just a
judgement call as to whether Section 4.4 should have been included. My
judgement that it should be included was ratified by the IETF at the
time the RFC was approved.