PRNG design document?
Anton Stiglic
astiglic at okiok.com
Wed Aug 27 09:46:29 EDT 2003
----- Original Message -----
From: "Bob Baldwin PlusFive" <baldwin at plusfive.com>
To: "Tim Dierks" <tim at dierks.org>
Cc: <cryptography at metzdowd.com>
Sent: Friday, August 22, 2003 1:00 PM
Subject: Re: PRNG design document?
> Tim,
> One issue to consider is whether the system
> that includes the PRNG will ever need a FIPS-140-2
> rating.
> [...]
As you mentioned, the FIPS-140-2 approved PRNG
are deterministic, they take a random seed and extend it
to more random bytes. But FIPS-140-2 has no
provision for generating the seed in the first place,
this is where something like Yarrow or the cryptlib
RNG come in handy.
So if you want FIPS-140-2 compliance, generate a
seed using something based on Yarrow or cryptlib RNG
(or if you have a good hardware RNG use that to
generate the seed), and then apply a FIPS approved
PRNG to the seed.
NIST should really approve something like Yarrow
or Peter Gutmann's design...
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list