This repository has been archived by the owner on Jul 25, 2023. It is now read-only.

The security mechanisms within the software produced by the project MUST generate all cryptographic keys and nonces using a cryptographically secure random number generator, and MUST NOT do so using generators that are cryptographically insecure. #464

Open
v0lkan opened this issue Jul 5, 2023 · 0 comments

v0lkan commented Jul 5, 2023

A cryptographically secure random number generator may be a hardware random number generator, or it may be a cryptographically secure pseudo-random number generator (CSPRNG) using an algorithm such as Hash_DRBG, HMAC_DRBG, CTR_DRBG, Yarrow, or Fortuna. Examples of calls to secure random number generators include Java's java.security.SecureRandom and JavaScript's window.crypto.getRandomValues. Examples of calls to insecure random number generators include Java's java.util.Random and JavaScript's Math.random.

v0lkan added this to Aegis Jul 4, 2023
v0lkan converted this from a draft issue Jul 5, 2023
v0lkan added the openssf label Jul 5, 2023
v0lkan removed this from Aegis Jul 5, 2023
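
The contrast this requirement draws, sketched in JavaScript as an added example that is not part of the issue or of the project's code. All function names are hypothetical; the 65536-byte chunking and the rejection sampling go beyond what the issue states and show what compliant key, nonce and token generation needs in practice.

```javascript
// Added example; function names are hypothetical, not the project's API.
// Browsers expose this object as window.crypto; older Node needs the fallback.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Non-compliant: Math.random() is not a CSPRNG, so this must never
// produce keys or nonces. Kept only to contrast with secureBytes().
function insecureBytes(len) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) out[i] = Math.floor(Math.random() * 256);
  return out;
}

// Compliant: every byte comes from the platform CSPRNG.
function secureBytes(len) {
  if (!Number.isInteger(len) || len <= 0) {
    throw new RangeError("len must be a positive integer");
  }
  const out = new Uint8Array(len);
  // getRandomValues() rejects views larger than 65536 bytes: fill in chunks.
  for (let off = 0; off < len; off += 65536) {
    rng.getRandomValues(out.subarray(off, Math.min(off + 65536, len)));
  }
  return out;
}

// Uniform integer in [0, n) by rejection sampling. A plain `byte % n`
// favours small values whenever 256 is not a multiple of n.
function secureIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError("n must be in 1..256");
  }
  const limit = 256 - (256 % n); // largest multiple of n that is <= 256
  const b = new Uint8Array(1);
  do { rng.getRandomValues(b); } while (b[0] >= limit);
  return b[0] % n;
}

// Random token over a caller-supplied alphabet, built from unbiased indices.
function secureToken(len, alphabet) {
  let s = "";
  for (let i = 0; i < len; i++) s += alphabet[secureIndex(alphabet.length)];
  return s;
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

const nonce = secureBytes(12); // 96-bit nonce, e.g. for AES-GCM
console.log("nonce:", toHex(nonce), "token:", secureToken(24, "abcdefghjkmnpqrstuvwxyz23456789"));
```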