oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

consistent terminology around "random / pseudorandom" salt #316

Closed Sakurann closed 1 year ago

Sakurann commented 1 year ago

Feedback received:


The provisions for random / pseudorandom data make use of different terminology:

• 4.1: "…a random salt…."
• 5.2.1: "…128 bits of cryptographically secure pseudorandom data…"
• 5.6: "…cryptographically secure random number…"
• 9.3: "…cryptographically random…"
• 9.4: "…randomly-generated…"

A consistent terminology would be helpful to prevent any misinterpretations. This terminology should not exclude pseudorandom number generators (i.e. deterministic generators) as properly designed and implemented generators are able to produce pseudorandom numbers of sufficient quality (as proven e.g. in several Common Criteria security evaluations).

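As an added example (not code from the draft or this repository), the following Python builds an SD-JWT Disclosure the way sections 4.1 and 5.2.1 describe, with a 128-bit salt taken from a CSPRNG, and adds a small audit helper that checks the salt size of an existing Disclosure. The `rng` parameter and all helper names are my own; the Disclosure layout (`[salt, name, value]`, base64url, SHA-256 digest over the ASCII bytes) follows the draft.

```python
import base64
import hashlib
import json
import secrets

SALT_BYTES = 16  # 128 bits, the minimum section 5.2.1 of the draft asks for


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding SD-JWT uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def salt_is_acceptable(raw: bytes) -> bool:
    """Length check only: 128 bits is the floor, whatever the generator."""
    return len(raw) * 8 >= 128


def new_salt(rng=secrets.token_bytes) -> str:
    # `rng` (an assumption of this example) is injectable so a test can pin
    # it; the default reads the OS CSPRNG. The requirement is on output
    # quality, so a well-seeded deterministic DRBG, which the feedback asks
    # the text not to exclude, satisfies it equally.
    raw = rng(SALT_BYTES)
    if not salt_is_acceptable(raw):
        raise ValueError("salt shorter than 128 bits")
    return b64url(raw)


def make_disclosure(claim_name: str, claim_value, rng=secrets.token_bytes) -> str:
    """Disclosure = base64url(JSON array [salt, claim name, claim value])."""
    salt = new_salt(rng)
    payload = json.dumps([salt, claim_name, claim_value], separators=(",", ":"))
    return b64url(payload.encode("utf-8"))


def disclosure_digest(disclosure: str) -> str:
    """Digest placed in the issuer-signed JWT: base64url(SHA-256(ASCII bytes
    of the Disclosure)). The salt is what keeps this digest from being
    matched against a dictionary of likely claim values."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def salt_bits(disclosure: str) -> int:
    """Audit helper: recover the salt from a Disclosure and report its size."""
    salt, _name, _value = json.loads(b64url_decode(disclosure))
    return len(b64url_decode(salt)) * 8
```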

Sakurann commented 1 year ago

PR merged