Cloudflare Research logo

RFC 8937: Randomness Improvements for Security Protocols

Cas Cremers, Luke Garratt, Stanislav Smyshlyaev, Nick Sullivan, Christopher A. Wood
Internet Research Task Force (IRTF). 2020.
read this publication ↗


Randomness is a crucial ingredient for Transport Layer Security (TLS) and related security protocols. Weak or predictable "cryptographically secure" pseudorandom number generators (CSPRNGs) can be abused or exploited for malicious purposes. An initial entropy source that seeds a CSPRNG might be weak or broken as well, which can also lead to critical and systemic security problems. This document describes a way for security protocol implementations to augment their CSPRNGs using long-term private keys. This improves randomness from broken or otherwise subverted CSPRNGs.

Research Areas

Cryptography, Network Security