questions about RNGs and FIPS 140

Eric Murray ericm at
Thu Aug 26 13:10:02 EDT 2010

On Thu, Aug 26, 2010 at 12:13:06PM -0400, Perry E. Metzger wrote:
> It is difficult to validate that a hardware RNG is working
> correctly. How do you know the bits being put off aren't skewed
> somehow by a manufacturing defect? How do you know that damage in the
> field won't cause the RNG to become less random?

FIPS 140-1 did allow non-deterministic HW RNGs.  If you used one
then you had to run a boot-time self-test which, while not even close to an
exhaustive RNG test, would hopefully detect a HW RNG that had failed.
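
A sketch of the kind of boot-time self-test the reply refers to, added here as an example and not part of the original post: the four statistical tests FIPS 140-1 defines over a single 20,000-bit sample (monobit, poker, runs, long run), with the pass intervals from that standard. The function names are hypothetical and the stuck-at-zero sample is constructed.

```python
import os

SAMPLE_BITS = 20000  # FIPS 140-1 tests one 20,000-bit sample

# Allowed number of runs per length (1..5, and 6 meaning "6 or longer").
RUN_LIMITS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}

def to_bits(data):
    """Expand 2,500 bytes into a list of 20,000 bits, MSB first."""
    if len(data) * 8 != SAMPLE_BITS:
        raise ValueError("need exactly 2500 bytes")
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def run_lengths(bits):
    """Return (bit_value, length) for each maximal run of equal bits."""
    runs, start = [], 0
    for i in range(1, len(bits) + 1):
        if i == len(bits) or bits[i] != bits[start]:
            runs.append((bits[start], i - start))
            start = i
    return runs

def power_up_test(data):
    """Return the names of the failed tests; an empty list means pass."""
    bits, failed = to_bits(data), []
    # Monobit: the count of ones must be close to half the sample.
    if not 9654 < sum(bits) < 10346:
        failed.append("monobit")
    # Poker: chi-square-style statistic over the 5,000 4-bit values.
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        counts[bits[i] << 3 | bits[i+1] << 2 | bits[i+2] << 1 | bits[i+3]] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    if not 1.03 < x < 57.4:
        failed.append("poker")
    # Runs: every length bucket, for zeros and for ones, must be in range.
    runs = run_lengths(bits)
    for value in (0, 1):
        for length, (low, high) in RUN_LIMITS.items():
            n = sum(1 for v, l in runs if v == value and min(l, 6) == length)
            if not low <= n <= high and "runs" not in failed:
                failed.append("runs")
    # Long run: any run of 34 or more identical bits fails.
    if max(l for _, l in runs) >= 34:
        failed.append("long run")
    return failed

if __name__ == "__main__":
    print("os.urandom sample:", power_up_test(os.urandom(2500)) or "pass")
    print("stuck-at-zero (constructed):", power_up_test(bytes(2500)))
```

A constant or strongly biased source trips these checks, but a patterned output such as repeated `0x55` bytes still passes the monobit test and is caught only by the poker and runs tests, which illustrates why passing says little about actual entropy.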

