Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Notes and Domino wiki
  • THIS WIKI IS READ-ONLY. Individual names altered for privacy purposes.
  • HCL Forums and Blogs
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • API Documentation
Search
Community Articles > Lotus Domino > Domino security > Pseudo-random number generation in Notes/Domino
  • Share Show Menu▼
  • Subscribe Show Menu▼

Recent articles by this author

TLS Cipher Configuration

This article describes how to configure SSLTLS cipher specifications in IBM Domino 9.0.1 FP5

HTTP Strict Transport Security (HSTS)

How to configure Domino for HTTP Strict Transport Security

Unable to connect to patched Domino servers using SSLv2 backwards compatibility mode

All support for SSLv2 was removed by the IBMDominoTLS1.0Interim Fixes that added support for TLS 1.0 and TLSFALLBACKSCSV to IBM Domino. This includes the SSLv2 handshake messages that were used to enable backwards compatibility with servers that only supported SSLv2. SSLTLS clients that ...

Installing and Running the Domino keyring tool

This command line tool can be used to view keyring files, create keyring files, and import certificates of all kinds into keyring files. It uses the Notes C API and can be run against any 8.5.x or 9.x IBM NotesDomino installation, but can only be used with SHA2 certiifcates in 9.x, and can only ...

Generating a keyring file with a self-signed SHA-2 cert using OpenSSL and kyrtool

Generating a keyring file with a self-signed SHA-2 cert using OpenSSL and kyrtool
Community articlePseudo-random number generation in Notes/Domino
Added by ~Joseph Nimweburings | Edited by ~Joseph Nimweburings on April 30, 2014 | Version 2
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
Notes/Domino does not use and has never used the Dual_EC_DRBG pseudo-random number generator.
Tags: Security
Recent media reports have speculated about the safety and reliability of the Dual_EC_DRBG pseudo-random number generator (PRNG). (http://en.wikipedia.org/wiki/Dual_EC_DRBG) The Notes/Domino product family does not use and has never used the Dual_EC_DRBG PRNG.

Notes/Domino does use RSA Data Security's BSAFE cryptographic library in a number of situations, but when doing so it always specifies AI_MD5Random for the PRNG algorithm instead of accepting the default algorithm.

If you are reading this article and are still using RSA keys less than 1024 bits, we highly recommend using the User Key Rollover, Server Key Rollover, and Certifier Key Rollover features to upgrade your environment to at least the currently recommended key strengths. You aren't still using decades-old computers, so please don't use decades-old cryptographic keys.

  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (2)Apr 30, 2014, 8:00:34 PM~Joseph Nimweburings  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility