Via puts RNGs on new processors
Anton Stiglic
astiglic at okiok.com
Tue Apr 8 16:24:27 EDT 2003
In fact to be a bit more precise, for FIPS 140-2 level 3 the module
needs to provide a call for the statistical tests, and it may automatically
start the tests on power up. For FIPS 140-2 level 4, the module must
execute the statistical tests on power up.
--Anton
----- Original Message -----
From: <t.c.jones at att.net>
To: "Don Davis" <don at mit.edu>
Cc: <cryptography at wasabisystems.com>
Sent: Tuesday, April 08, 2003 4:02 PM
Subject: Re: Via puts RNGs on new processors
> FIPS certification requires certain minimal tests of RNG functionality every
> time the process is started. ..tom
>
> > At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> > > FYI, it appears that Cryptography Research has
> > > done an evaluation on the RNG. See:
> > > http://www.cryptography.com/resources/whitepapers/index.html
> >
> > a one-time evaluation of the RNG's design and of
> > its output isn't really enough. there are three
> > related issues, which arise because effective and
> > thorough TRNG testing is too expensive:
> >
> > * production-line QA: with modern chip-fab
> > technology, salable chip yields aren't 100%.
> > each chip gets run through a validation test,
> > to make sure that its various functions work
> > correctly, and a lot of chips get scrapped
> > because of validation failures. unfortunately,
> > thorough validation of each chip's TRNG would
> > take too long (generate some bulk of random
> > bits, do a few hours or days of CPU-intensive
> > statistical computations...).
> >
> > * surely, vendors are going to be unwilling to
> > discard a chip whose CPU and on-board memory
> > work, but whose TRNG doesn't work. the vendor
> > might bother to disable the TRNG circuits,
> > and then sell the faulty chips at a reduced
> > price for non-crypto applications. but i
> > expect that most vendors won't bother, but
> > will silently sell the TRNGs as-is.
> >
> > * detection of run-time TRNG failures: how
> > will the CPU or operating system detect that
> > the TRNG has stopped working properly? surely,
> > neither the CPU nor the OS is going to spontaneously
> > sample and test the TRNG's output
> > for randomness failures, because proper RNG
> > testing is computationally expensive.
> >
> > - don davis, boston
> >
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
>
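The power-up statistical tests discussed in this thread, as an added example that is not code from any of the posters: the 20,000-bit battery (monobit, poker, runs, long run) with the pass intervals from the original FIPS 140-2 text, run over constructed samples. The function names and the SHA-256 stand-in for healthy TRNG output are assumptions made for illustration; the battery is one linear pass over the sample and only catches gross failures such as a stuck or oscillating source.

```python
import hashlib

# Pass intervals from the original FIPS 140-2 text (section 4.9.1), 20,000-bit sample.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}  # key 6 = "6 or longer"

def fips_power_up_tests(sample: bytes) -> dict:
    """Run the monobit, poker, runs and long-run tests on a 2500-byte sample."""
    if len(sample) != 2500:
        raise ValueError("need exactly 20,000 bits (2500 bytes)")
    bits = [(byte >> shift) & 1 for byte in sample for shift in range(7, -1, -1)]

    # Monobit: the count of ones must stay close to 10,000.
    ones = sum(bits)
    monobit_ok = 9725 < ones < 10275

    # Poker: chi-square-style statistic over the 5000 non-overlapping nibbles.
    counts = [0] * 16
    for byte in sample:
        counts[byte >> 4] += 1
        counts[byte & 0x0F] += 1
    poker = (16 / 5000) * sum(c * c for c in counts) - 5000
    poker_ok = 2.16 < poker < 46.17

    # Runs: tally maximal runs of 0s and of 1s separately, lengths capped at 6.
    tally = {0: [0] * 7, 1: [0] * 7}
    longest, length = 0, 1
    for prev, cur in zip(bits, bits[1:] + [None]):  # None flushes the final run
        if cur == prev:
            length += 1
            continue
        tally[prev][min(length, 6)] += 1
        longest = max(longest, length)
        length = 1
    runs_ok = all(lo <= tally[b][n] <= hi
                  for b in (0, 1) for n, (lo, hi) in RUN_LIMITS.items())
    long_run_ok = longest < 26  # a run of 26 or more identical bits fails
    return {"monobit": monobit_ok, "poker": poker_ok,
            "runs": runs_ok, "long_run": long_run_ok}

def healthy_stream(seed: int = 0) -> bytes:
    """Constructed stand-in for good TRNG output: SHA-256 in counter mode."""
    out = b"".join(hashlib.sha256(b"%d:%d" % (seed, i)).digest() for i in range(79))
    return out[:2500]
```

A stuck-at-zero sample (`bytes(2500)`) fails all four tests, while an oscillating `b"\xaa" * 2500` sample passes monobit and long run but fails poker and runs, which is why the battery is applied as a whole.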