Via puts RNGs on new processors
Arnold G. Reinhold
reinhold at world.std.com
Wed Apr 9 12:36:35 EDT 2003

At 4:22 PM -0700 4/8/03, Joshua Hill wrote:
>On Tue, Apr 08, 2003 at 04:24:27PM -0400, Anton Stiglic wrote:
>>
>> In fact to be a bit more precise, for FIPS 140-2 level 3 the module
>> needs to provide a call for the statistical tests, and it may automatically
>> start the tests on power up. For FIPS 140-2 level 4, the module must
>> execute the statistical tests on power up.
>
>This was the case for the initial version of the standard (as well as FIPS
>140-1), but this requirement has since been dropped. (as of Dec 3, 2002)
>
>There are no longer any power on or user initiated statistical tests
>required by FIPS 140-2. The testing lab still needs to perform some
>tests while testing the module, but that's the extent of it.
>
The FIPS-140 tests failed if they found excessive deviations from
perfect randomness. That's overkill for detecting most hardware
failures, say all output stuck on, and fails to address the real
danger: someone substituting a PRNG seeded from a small set of values
known to the attacker. A substitution could be effected through a
trap door in the CPU microcode, the operating system or by a worm.
Designed properly, such a PRNG would pass the FIPS-140 statistical
tests with flying colors.

One nice feature of the VIA TRNG is that hardware whitening can be
disabled. This facilitates testing for deviations from randomness
that would be expected from the underlying design, particularly
deviations that can be correlated with physical properties like chip
temperature and supply voltage. Output that appeared perfect would
be suspect.

Of course any behavior can be faked with enough resources, so at best
a CPU TRNG should be used as one more input to a randomness generator.

Arnold Reinhold
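To make the point above concrete, here is an added example (mine, not code from the thread or from VIA) that implements the four FIPS 140-2 statistical tests (monobit, poker, runs, long run; the thresholds are those of the 2001 edition, which ran over one 20,000-bit sample) and applies them to two constructed sources: a generator stuck at all ones, and a SHA-256 counter-mode generator seeded from a 16-bit value that anyone knowing the seed can reproduce. The seed width, the generator and the sample values are assumptions for illustration.

```python
import hashlib

# Run-length intervals from FIPS 140-2 (2001 edition); runs of 6 or more
# share one bucket. The same bounds apply to runs of 0s and runs of 1s.
RUN_BOUNDS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def bits_of(sample: bytes) -> str:
    assert len(sample) == 2500, "FIPS 140-2 tests need exactly 20,000 bits"
    return "".join(f"{b:08b}" for b in sample)

def fips140_2_tests(sample: bytes) -> dict:
    """Return {test_name: passed} for the four statistical tests."""
    bits = bits_of(sample)
    results = {}
    # Monobit: the number of ones must satisfy 9725 < X < 10275.
    results["monobit"] = 9725 < bits.count("1") < 10275
    # Poker: frequencies of the 5000 4-bit nibbles, X = 16/5000 * sum(f^2) - 5000.
    counts = [0] * 16
    for i in range(0, 20000, 4):
        counts[int(bits[i:i + 4], 2)] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    results["poker"] = 2.16 < x < 46.17
    # Runs and long run: tally maximal runs of 0s and 1s by length.
    runs = {"0": dict.fromkeys(RUN_BOUNDS, 0), "1": dict.fromkeys(RUN_BOUNDS, 0)}
    longest, i = 0, 0
    while i < 20000:
        j = i
        while j < 20000 and bits[j] == bits[i]:
            j += 1
        runs[bits[i]][min(j - i, 6)] += 1
        longest = max(longest, j - i)
        i = j
    results["runs"] = all(lo <= runs[b][k] <= hi for b in "01"
                          for k, (lo, hi) in RUN_BOUNDS.items())
    results["long_run"] = longest < 26   # a run of 26 or more fails
    return results

def stuck_output() -> bytes:
    """Constructed hardware fault: every output bit stuck at one."""
    return b"\xff" * 2500

def seeded_prng(seed: int) -> bytes:
    """Constructed substitute: SHA-256 in counter mode from a 16-bit seed
    (assumption). Only 65,536 possible output streams exist, all known to
    whoever chose the seed, yet the stream looks statistically perfect."""
    out = b"".join(hashlib.sha256(seed.to_bytes(2, "big") + c.to_bytes(4, "big")).digest()
                   for c in range(79))      # 79 * 32 bytes >= 2500
    return out[:2500]

if __name__ == "__main__":
    print("stuck at ones :", fips140_2_tests(stuck_output()))
    print("16-bit seeded :", fips140_2_tests(seeded_prng(0x1234)))
```

The stuck output fails all four tests; the seeded generator passes them, which is exactly the gap the message describes: the tests catch a dead source, not a source whose entire output is predictable.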
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com