Use of TPM chip for RNG?
Anne & Lynn Wheeler
lynn at garlic.com
Wed Jul 5 14:26:20 EDT 2006
Peter Gutmann wrote:
> Exactly. The FIPS 140 (strictly speaking X9.17/X9.31 PRNG) tests test a
> generator's determinism, not its nondeterminism. In other words they generate
> a set of input/output pairs from a known-good generator and then make sure
> that the generator being certified produces the same output. Actually getting
> nondeterminism into the process is quite tricky, and involves extremely
> careful and creative reinterpretation of the "DT vector" (date-and-time)
> input. The non-creatively-interpreted generator depends for its strength
> entirely on the key chosen for the PRNG. If it's constant across all devices,
> it'll pass the certification but its strength will be close to zero.
i.e. you have to actually understand what is being tested; fips, common
criteria, etc. there was a presentation a couple years ago on common
criteria certification for the same EAL4 level ... supposedly something
like 64 certifications had been done to the same protection profile ...
but in the fine print, something like sixty (of the 64) evaluations had
some sort of (unspecified) deviations ... so you didn't even know that
two "things" evaluated to the same level with supposedly the same
protection profile ... were in any way comparable (assuming you actually
have access to the protection profiles that are being used for the evaluations).
i believe some of the earlier mentioned chips
http://www.garlic.com/~lynn/aadsm24.htm#19 Use of TPM chip for RNG?
had been FIPS140 evaluated ... even though the 64k power on/off tests
followed by RNG were found to have something like 30 percent of the
values repeating some previously generated value.
we started seriously looking at aads chip strawman
http://www.garlic.com/~lynn/x959.html#aads
around '98 ... in part, to support x9.59 transactions ... and mandated both
on-chip keygen as well as EC/DSA ... both operations requiring fairly
high integrity RNG. However, at the time, I somewhat facetiously claimed
that we were going to take a $500 milspec part, cost reduce it by better
than two orders of magnitude and at the same time improve its
security/integrity. In any case, significantly higher RNG assurance was
required than what was normally found in most chips.
I made somewhat the same claim in an assurance panel at spring 2001 IDF
in the TPM track ... somewhat chiding the TPM people in the audience.
Another aspect of evaluation certification was that a lot of chips were
evaluated straight out of the fab ... based on the characteristic of the
chip at that moment. After that the applications and crypto were loaded
onto the chip (so even for chips that might have some RNG capability,
since the applications that might expose any RNG characteristics weren't
yet loaded ... RNG wasn't part of the chip evaluation).
What we ran into with aads chip strawman ... was that key-gen and ec/dsa
was built into the manufactured chip as it came from the fab. As a
result key-gen and ec/dsa became part of the chip evaluation ... and
formal definition of same, limited the evaluation level. this was even
though other uses of very similar chips were able to claim much higher
certification levels (since they were able to certify prior to loading
various crypto and RNG related applications ... aka there were
significant differences in the protection profiles that the
certifications were based on).
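An added example (Go; not code from this post, from Peter Gutmann, or from any of the chips or vendors mentioned) that ties the two points above together: it implements the X9.31 Appendix A.2.4 generator in its AES-128 form, shows that a known-answer comparison only establishes determinism and so is passed just as well by a key that is identical in every device, and then simulates repeated power-ons of a device that restarts from the same seed with a date/time vector that begins again at zero, which is one way to get the kind of repeat rate quoted for the 64k power on/off tests. The key, seed and counter-based DT are constructed for the example; using a counter in place of a real clock, and the choice of AES rather than triple-DES, are assumptions of this example and not claims about what any evaluated part actually did.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// X931 is an ANSI X9.31-style PRNG with AES-128 as the block cipher. Per output
// block: I = E_K(DT); R = E_K(I xor V); V = E_K(R xor I). DT is the date/time vector.
type X931 struct {
	blk cipher.Block
	v   []byte // carried state V
}

// NewX931 builds a generator from a 16-byte AES key and a 16-byte seed V.
func NewX931(key, seed []byte) *X931 {
	blk, err := aes.NewCipher(key)
	if err != nil || len(seed) != blk.BlockSize() {
		panic("X9.31: need a valid AES key and a one-block seed")
	}
	return &X931{blk: blk, v: append([]byte(nil), seed...)}
}

func xorBlocks(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Next returns one 16-byte output block R for the supplied DT vector.
func (g *X931) Next(dt []byte) []byte {
	n := g.blk.BlockSize()
	i, r := make([]byte, n), make([]byte, n)
	g.blk.Encrypt(i, dt)
	g.blk.Encrypt(r, xorBlocks(i, g.v))
	g.blk.Encrypt(g.v, xorBlocks(r, i))
	return r
}

// CounterDT stands in for the date/time vector: a constructed 16-byte block
// whose low 8 bytes hold a tick count (an assumption here, not a real clock).
func CounterDT(tick uint64) []byte {
	dt := make([]byte, 16)
	binary.BigEndian.PutUint64(dt[8:], tick)
	return dt
}

// Generate runs a fresh generator over a DT sequence and concatenates the output.
func Generate(key, seed []byte, dts [][]byte) []byte {
	g, out := NewX931(key, seed), []byte{}
	for _, dt := range dts {
		out = append(out, g.Next(dt)...)
	}
	return out
}

// KnownAnswerCheck has the shape of a deterministic-PRNG validation test: the same
// key, seed and DT must reproduce the expected bytes. A key that is the same in
// every device passes it exactly as well as a per-device key would.
func KnownAnswerCheck(key, seed []byte, dts [][]byte, expected []byte) bool {
	return bytes.Equal(Generate(key, seed, dts), expected)
}

// SimulatePowerCycles models a device powered on `cycles` times and asked for
// `perCycle` blocks each time. With persist=false every power-on restarts from
// the same seed V with the DT counter back at zero (no retained state, no clock).
func SimulatePowerCycles(key, seed []byte, cycles, perCycle int, persist bool) [][]byte {
	var outs [][]byte
	g, tick := (*X931)(nil), uint64(0)
	for c := 0; c < cycles; c++ {
		if g == nil || !persist {
			g, tick = NewX931(key, seed), 0
		}
		for k := 0; k < perCycle; k++ {
			outs = append(outs, g.Next(CounterDT(tick)))
			tick++
		}
	}
	return outs
}

// RepeatFraction is the share of blocks equal to some earlier block, the
// statistic quoted above for the power on/off tests.
func RepeatFraction(outs [][]byte) float64 {
	seen, repeats := map[string]bool{}, 0
	for _, b := range outs {
		if seen[string(b)] {
			repeats++
		}
		seen[string(b)] = true
	}
	return float64(repeats) / float64(len(outs))
}

func main() {
	key, seed := []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed: same key in every device
	dts := [][]byte{CounterDT(1), CounterDT(2)}
	fmt.Println("known-answer check passes with the shared key:", KnownAnswerCheck(key, seed, dts, Generate(key, seed, dts)))
	fmt.Printf("repeat fraction, state reset at each power-on: %.2f\n", RepeatFraction(SimulatePowerCycles(key, seed, 4, 16, false)))
	fmt.Printf("repeat fraction, state kept across power-ons:  %.2f\n", RepeatFraction(SimulatePowerCycles(key, seed, 4, 16, true)))
}
```

With four power-ons of sixteen blocks each and no retained state, every block after the first power-on duplicates one from the first, so three quarters of the output repeats; carrying V and the DT counter across power-ons (or seeding each device with its own key and a real clock) removes the repeats, while the known-answer comparison passes identically in both cases.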
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com