Via puts RNGs on new processors

Anton Stiglic astiglic at okiok.com
Tue Apr 8 16:24:27 EDT 2003


In fact, to be a bit more precise, for FIPS 140-2 level 3 the module
needs to provide a call for the statistical tests, and it may automatically
start the tests on power up. For FIPS 140-2 level 4, the module must
execute the statistical tests on power up.


--Anton

----- Original Message -----
From: <t.c.jones at att.net>
To: "Don Davis" <don at mit.edu>
Cc: <cryptography at wasabisystems.com>
Sent: Tuesday, April 08, 2003 4:02 PM
Subject: Re: Via puts RNGs on new processors


> FIPS certification requires certain minimal tests of RNG functionality every
> time the process is started.  ..tom
>
> > At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> > > FYI, it appears that Cryptography Research has
> > > done an evaluation on the RNG. See:
> > > http://www.cryptography.com/resources/whitepapers/index.html
> >
> > a one-time evaluation of the RNG's design and of
> > its output isn't really enough.  there are three
> > related issues, which arise because effective and
> > thorough TRNG testing is too expensive:
> >
> >   * production-line QA:  with modern chip-fab
> >     technology, salable chip yields aren't 100%.
> >     each chip gets run through a validation test,
> >     to make sure that its various functions work
> >     correctly, and a lot of chips get scrapped
> >     because of validation failures.  unfortunately,
> >     thorough validation of each chip's TRNG would
> >     take too long (generate some bulk of random
> >     bits, do a few hours or days of CPU-intensive
> >     statistical computations...).
> >
> >   * surely, vendors are going to be unwilling to
> >     discard a chip whose CPU and on-board memory
> >     work, but whose TRNG doesn't work.  the vendor
> >     might bother to disable the TRNG circuits,
> >     and then sell the faulty chips at a reduced
> >     price for non-crypto applications.  but i
> >     expect that most vendors won't bother, but
> >     will silently sell the TRNGs as-is.
> >
> >   * detection of run-time TRNG failures:  how
> >     will the CPU or operating system detect that
> >     the TRNG has stopped working properly?  surely,
> >     neither the CPU nor the OS is going to
> >     spontaneously sample and test the TRNG's output
> >     for randomness failures, because proper RNG
> >     testing is computationally expensive.
> >
> > - don davis, boston
> >
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
>
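
An added example, not part of any poster's message: a sketch of the kind of power-up statistical tests the thread refers to, using the four checks (monobit, poker, runs, long run) that FIPS 140-2 as originally published defined for a 20,000-bit sample. The numeric limits are assumptions written from that text and should be checked against the standard; the function names and the three constructed samples are hypothetical.

```python
SAMPLE_BITS = 20000
# Assumed limits (see lead-in): allowed count of runs per length; 6 means ">= 6".
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}
LONG_RUN = 26  # a run of this many identical bits fails the sample

# Constructed samples: stuck-at-zero, 0101... pattern, and a plain byte counter.
STUCK = bytes(2500)
ALTERNATING = b"\x55" * 2500
COUNTER = bytes(i % 256 for i in range(2500))


def run_lengths(bits):
    """Yield (bit_value, length) for each maximal run of identical bits."""
    value, length = bits[0], 0
    for bit in bits:
        if bit == value:
            length += 1
        else:
            yield value, length
            value, length = bit, 1
    yield value, length


def power_up_tests(data: bytes) -> dict:
    """Return pass/fail per test for one 2,500-byte (20,000-bit) sample."""
    if len(data) * 8 != SAMPLE_BITS:
        raise ValueError("sample must be exactly 2500 bytes")
    bits = [(b >> s) & 1 for b in data for s in range(7, -1, -1)]
    ones = sum(bits)
    # Poker test: chi-square style statistic over the 5,000 four-bit nibbles.
    counts = [0] * 16
    for b in data:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    poker = 16 / 5000 * sum(c * c for c in counts) - 5000
    # Runs test: tally runs of zeros and of ones by length, pooling lengths >= 6.
    tally = {(v, n): 0 for v in (0, 1) for n in RUN_LIMITS}
    longest = 0
    for value, length in run_lengths(bits):
        tally[(value, min(length, 6))] += 1
        longest = max(longest, length)
    return {
        "monobit": 9725 < ones < 10275,
        "poker": 2.16 < poker < 46.17,
        "runs": all(lo <= tally[(v, n)] <= hi
                    for v in (0, 1) for n, (lo, hi) in RUN_LIMITS.items()),
        "long_run": longest < LONG_RUN,
    }
```

The stuck-at-zero sample fails all four checks, while the fully predictable byte counter still passes the monobit, poker and long-run checks. Tests this cheap flag gross failure of the source and say nothing about unpredictability.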

