NIST and PRNGs ... er sorry DRBG
What's with NIST and the continual stream of garbage they put out?

SP 800-90 specifies random number generators ... oh sorry pseudo random
number generators ... no wait ... deterministic random bit generators!
Yes, let's not use any standard wording, that may be beneficial.

Then you look at it and they have Hash_DRBG and Cipher_DRBG and
HMAC_DRBG and EC_DRBG... The design requires seeds be exact lengths
[seedlen], uses random constants, has two hash derive functions [hash_df
and hashgen] which do the same thing... arrg.

I get the point of the first two, but WTF is hmac_drbg for? Who wants
to use an HMAC? And what's up with the ECC stuff? Like I really want
to spend 100,000x more time per bit just so I can impress my math
prof...

Too bad the comment period is up... but I have to question how designs
like this actually get past the sanity checker. I mean John Kelsey is
someone I'd normally trust to make a good spec but this is awful.
bad!!!

Tom

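HMAC_DRBG, the construction the post asks about, is small enough to show in full. This is an added example written for this page, not NIST's reference code or anything from the thread: the SP 800-90A HMAC_DRBG over SHA-256 (instantiate, update, generate, reseed) with its per-request and reseed-interval limits; the seed bytes in the usage are constructed placeholders, not real entropy.

```python
import hmac
import hashlib

class HmacDrbg:
    """HMAC_DRBG (SP 800-90A, section 10.1.2) instantiated with SHA-256.

    Seed material must come from an approved entropy source in practice;
    the values passed in here are only for demonstration.
    """
    OUTLEN = 32                      # SHA-256 digest length in bytes
    MAX_BYTES_PER_REQUEST = 1 << 16  # 2**19 bits per generate call
    RESEED_INTERVAL = 1 << 48        # requests allowed between reseeds

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        # Instantiate: K = 0x00...00, V = 0x01...01, then one update with the seed.
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self.reseed_counter = 1
        self._update(entropy + nonce + personalization)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: K = HMAC(K, V || 0x00 || data); V = HMAC(K, V);
        # the same again with byte 0x01 only when data is non-empty.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n_bytes: int, additional: bytes = b"") -> bytes:
        if n_bytes > self.MAX_BYTES_PER_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n_bytes:       # HMAC_DRBG_Generate: V = HMAC(K, V), emit V
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional)        # final update, with empty data if none given
        self.reseed_counter += 1
        return out[:n_bytes]

if __name__ == "__main__":
    drbg = HmacDrbg(b"\x5a" * 32, nonce=b"\x01" * 16)   # constructed placeholder seed
    print(drbg.generate(32).hex())
```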