Download Kraftway SP-800 Hard Reset File

Download Kraftway SP-800 factory reset file

The comment period is open through June 15, 2021 July 9, 2021. Submit comments to sp800-66-comments@nist.gov with “Resource Guide for Implementing the HIPAA Security Rule Call for Comments” in the subject field.

Comments received by the deadline will be incorporated to the extent practicable. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.

The following topics are intended to help NIST learn about experiences in applying and using An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”) and explore opportunities for improvement.

Other Parts of this Publication:
SP 800-53B

New supplemental materials are also available:

See the Errata (beginning on p. xvii) for a list of updates to the original publication.

Joint Task Force

"The Dual Elliptic Curve Pseudorandom Generator (DEC PRG) is proposed by Barker and Kelsey [2].
It is claimed (see Section 10.3.1 of [2]) that the pseudorandom generator is secure unless the adversary can solve the elliptic curve discrete logarithm problem (ECDLP) for the corresponding elliptic curve.
The claim is supported only by an informal discussion. No security reduction is given, that is, it is not shown that an adversary that breaks the pseudorandom generator implies a solver for the ECDLP.
Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient. It can be run on an ordinary PC. Actually, the generator is insecure because pseudorandom bits are extracted from points of the elliptic curve improperly."

Comments on Dual-EC-DRBG/NIST SP 800-90, Draft December 2005 by Kristian Gjøsteen* (March 16, 2006)
Abstract: "We analyse the Dual-EC deterministic pseudo-random bit generator (DRBG) proposed in draft of NIST SP 800-90 published December 2005. The generator consists of two parts, one that generates a sequence of points and one that extracts a bit string from the point sequence. We show that the first part is essentially cryptographically sound, while the second is not."

*Associate professor at The Norwegian University of Science and Technology, Department of Mathematical Sciences.

Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator
Berry Schoenmakers and Andrey Sidorenko
Dept. of Mathematics and Computer Science, TU Eindhoven,
P.O. Box 513, 5600 MB Eindhoven, The Netherlands.
berry@win.tue.nl, a.sidorenko@tue.nl
29 May 2006