questions about RNGs and FIPS 140

Wed Aug 25 16:37:16 EDT 2010

Hey all,

Looking for feedback on this section on RNGs:
http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc29
Equations are broken in HTML, but clear in PDF:
http://www.subspacefield.org/security/security_concepts/security_concepts.pdf
I am aware the Renyi entropy link is broken.

I also wanted to double-check these answers before I included them:

1) Is Linux /dev/{u,}random FIPS 140 certified?
No, because FIPS 140-2 does not allow TRNGs (what they call non-deterministic).
I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS 140-1.
I assume they don't allow non-determinism because it makes the system harder
to test/certify, not because it's less secure.

2) Is CryptGenRandom certified?
Yes - is that because they have a deterministic mode?  Wikipeda makes it sound
like this closed-design system seeds from system timings and other stuff, which
would seem to make it non-deterministic as far as FIPS 140 testing is concerned.

3) Is determinism a good idea?
See Debian OpenSSL fiasco.  I have heard Nevada gaming commission
regulations require non-determinism for obvious reasons.

4) What about VMs?
Rolling back a deterministic RNG on those systems gives the same
values unless/until you re-seed with something new to this iteration.

Do those sound right?
-- 
It asked me for my race, so I wrote in "human". -- The Beastie Boys
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20100825/4604f552/attachment.pgp>