[rng] Choose HMAC_DRBG using SHA-256 as the DRBG algorithm - openslx-ng/ipxe.git - Fork of ipxe; additional commands and features

diff options

author	Michael Brown	2012-03-06 14:42:06 +0100
committer	Michael Brown	2012-03-06 14:42:06 +0100
commit	8d038040eaac85bbe08f0b5ba507ff0167b3a2f3 (patch)
tree	8cf96f207c7be185a397ffe776d3101ce49abf4a /src/tests
parent	[rng] Add NIST self-tests for HMAC_DRBG using SHA-256 (diff)
download	ipxe-8d038040eaac85bbe08f0b5ba507ff0167b3a2f3.tar.gz ipxe-8d038040eaac85bbe08f0b5ba507ff0167b3a2f3.tar.xz ipxe-8d038040eaac85bbe08f0b5ba507ff0167b3a2f3.zip

[rng] Choose HMAC_DRBG using SHA-256 as the DRBG algorithm

Both HMAC_DRBG using SHA-1 and HMAC_DRBG using SHA-256 are Approved algorithms in ANS X9.82 for our chosen security strength of 128 bits. However, general recommendations (see e.g. NIST SP800-57) are to use a larger hash function in preference to SHA-1. Since SHA-256 is required anyway for TLSv1.2 support, there is no code size penalty for switching HMAC_DRBG to also use SHA-256. Signed-off-by: Michael Brown <mcb30@ipxe.org>

Diffstat (limited to 'src/tests')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: