[Cryptech Tech] NIST and RNG

[Jacob]

On 1/29/2016 9:50 PM, Bernd Paysan wrote:
> Am Freitag, 29. Januar 2016, 10:04:44 schrieb Russ Housley:
>>> https://fcw.com/articles/2016/01/28/crypto-nist-generator.aspx
>>
> Given that SHA-3 is a NiST-based standard, and Keccak offers a combination of
> conditioner and DRBG expander as a single building block, it's a bit strange
> that it wasn't added into the recommendation.  Just Dual_EC_DRBG was
> dropped...
>
> Does that mean the NSA does not like using Keccak in this mode?

NIST does allow Keccak as a conditioning component in the draft (line 
575, FIPS 202)