questions about RNGs and FIPS 140
Alexander Klimov
alserkli at inbox.ru
Thu Aug 26 11:24:26 EDT 2010
On Wed, 25 Aug 2010 travis+ml-cryptography at subspacefield.org wrote:
> No, because FIPS 140-2 does not allow TRNGs (what they call non-deterministic).
> I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS 140-1.
> I assume they don't allow non-determinism because it makes the system harder
> to test/certify, not because it's less secure.
I guess you misinterpret it. In no place does 140-2 "not allow
TRNG". It says that nondeterministic RNGs should be used
*only* for IVs or to seed deterministic RNGs:
<http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>:

    Until such time as an Approved nondeterministic RNG standard
    exists, nondeterministic RNGs approved for use in classified
    applications may be used for key generation or to seed
    Approved deterministic RNGs used in key generation.
    Commercially available nondeterministic RNGs may be used for
    the purpose of generating seeds for Approved deterministic
    RNGs. Nondeterministic RNGs shall comply with all applicable
    RNG requirements of this standard.

    An Approved RNG shall be used for the generation of
    cryptographic keys used by an Approved security function. The
    output from a non-Approved RNG may be used 1) as input (e.g.,
    seed, and seed key) to an Approved deterministic RNG or 2) to
    generate initialization vectors (IVs) for Approved security
    function(s). The seed and seed key shall not have the same
    value.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com