PRNG design document?
Ralf-P. Weinmann
weinmann at cdc.informatik.tu-darmstadt.de
Tue Sep 2 17:56:57 EDT 2003
On Fri, Aug 29, 2003 at 03:43:40PM -0400, Tim Dierks wrote:
> [snip]
>
> Allow me to clarify my problem a little. I'm commonly engaged to review
> source code for a security audit, some such programs include a random
> number generator, many of which are of ad-hoc design. The nature of such
> audits is that it's much more appealing to be able to say "here are three
> accepted guidelines that your generator violates" rather than "I haven't
> seen that before and I don't like it, you should replace it with something
> else".
>
> So I'm interested in such design guidelines, if they're available, which
> such a generator could be tested against. While the resources provided have
> been useful, it's only led me to where I was: that the only way to do so is
> to attempt to analyze the system for vulnerability to a collection of known
> flaws.
>
> [snip]
Hi Tim,
I think you should have a look at AIS 20 and AIS 31 - they are a little
bit formal and define their own terminology but otherwise seem to give sound
models.
Evaluation guidelines for both deterministic pseudo-random number generators
(AIS 20) and physical random number generators (AIS 31) have been published by
the BSI (Bundesamt fuer Sicherheit in der Informationstechnik - a German agency
responsible for giving recommendations regarding the security of IT in
government use).
AIS 31 (English): http://www.bsi.de/zertifiz/zert/interpr/trngk31e.pdf
AIS 20 (English): http://www.bsi.de/zertifiz/zert/interpr/ais20e.pdf
There's also a paper published in the CHES 2002 proceedings on the same
subject:
W. Schindler, W. Killmann: Evaluation Criteria for True (Physical) Random
Number Generators Used in Cryptographic Applications
URL: http://www.springerlink.com/openurl.asp?genre=article&issn=0302-9743&volume=2523&spage=431
Cheers,
Ralf
--
Ralf-P. Weinmann <weinmann at cdc.informatik.tu-darmstadt.de>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com