questions about RNGs and FIPS 140

Alexander Klimov alserkli at
Thu Aug 26 11:24:26 EDT 2010

On Wed, 25 Aug 2010 travis+ml-cryptography at wrote:
> No, because FIPS 140-2 does not allow TRNGs (what they call non-deterministic).
> I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS 140-1.
> I assume they don't allow non-determinism because it makes the system harder
> to test/certify, not because it's less secure.

I guess you misinterpret it. In no place 140-2 "does not allow
TRNG".  It says that nondeterministic RNGs should be used
*only* for IVs or to seed deterministic RNGs:


  Until such time as an Approved nondeterministic RNG standard
  exists, nondeterministic RNGs approved for use in classified
  applications may be used for key generation or to seed
  Approved deterministic RNGs used in key generation.
  Commercially available nondeterministic RNGs may be used for
  the purpose of generating seeds for Approved deterministic
  RNGs.  Nondeterministic RNGs shall comply with all applicable
  RNG requirements of this standard.

  An Approved RNG shall be used for the generation of
  cryptographic keys used by an Approved security function.  The
  output from a non-Approved RNG may be used 1) as input (e.g.,
  seed, and seed key) to an Approved deterministic RNG or 2) to
  generate initialization vectors (IVs) for Approved security
  function(s).  The seed and seed key shall not have the same


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list