Merge pull request #1522 from usnistgov/livebe01-patch-1

Addresses DRBG min nonce lens
usnistgov · Aug 2, 2024 · bbce2ac · bbce2ac
2 parents 0245946 + 1823cd2
commit bbce2ac
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/drbg/sections/05-capabilities.adoc b/src/drbg/sections/05-capabilities.adoc
@@ -61,7 +61,7 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>
 [[supported_values]]
 .Supported DRBG Values
 |===
-| DRBG Algorithm | Mode | Derivation Function | Max Security Strength | Min Entropy Len | Max Entropy Len | Max PersoString | Max Addl String | Min Nonce Len | Max Nonce Len | Min returnedBits Len
+| DRBG Algorithm | Mode | Derivation Function | Max Security Strength | Min Entropy Len | Max Entropy Len | Max PersoString | Max Addl String | Min Nonce Len (please see the note following this table) | Max Nonce Len | Min returnedBits Len
 
 | ctrDRBG | "AES-128" | TRUE | 128 | 128 | 65536 | 65536 | 65536 | 64 | 65536 | 128
 | ctrDRBG | "AES-192" | TRUE | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 128
@@ -95,6 +95,8 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>
 | hmacDRBG | "SHA3-512" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
 |===
 
+NOTE: If an implementation utilizes a nonce in the construction of a seed during instantiation, the length of the nonce shall be at least half the maximum security strength supported. The values listed in the Min Nonce Len column of <<supported_values>> are the maximum security strength / 2. Per allowances in <<SP800-90A>>, the length of a nonce may be less than 1/2 the maximum security strength supported as long as the entropy input length + the nonce length >= 3/2 security strength. If the entropy input length is >= 3/2 security strength the minimum nonce length will be 0.
+
 === DRBG Registration Example
 
 The following is an example registration.