questions about RNGs and FIPS 140

Eric Murray ericm at lne.com
Thu Aug 26 17:13:46 EDT 2010


On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote:
> Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
> testing and certification could be feasible?

Yes.  (assuming you mean FIPS certification).
Use the TRNG to seed the approved PRNG implementation.


> I'm thinking of a system where a deterministic (seeded) RNG and
> non-deterministic RNG are used to generate a seed for a deterministic
> RNG, which is then used for the remainder of the system's operation until
> next boot or next re-seed.  That is, the seed for the run-time PRNG
> would be a safe combination (say, XOR) of the outputs of a FIPS 140-2
> PRNG and non-certifiable TRNG.

That won't pass FIPS.  It's reasonable from a security standpoint
(although I would use a hash instead of an XOR), but it's not FIPS 140
certifiable.

Since FIPS can't reasonably test the TRNG output, it can't
be part of the output.  FIPS 140 is about guaranteeing a certain 
level of security, not maximizing security.

Eric
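The arrangement Eric describes, a TRNG feeding the seed of an approved deterministic generator, and his preference for a hash over an XOR when combining seed sources, as an added illustration that is not part of the original post. The DRBG below follows the HMAC_DRBG construction of SP 800-90A over SHA-256, but it is a teaching implementation, not a validated module; `os.urandom` stands in for the hardware TRNG, the `combine_*` helpers and the `boot_drbg` function are assumed names, and the seed values in the demonstration are constructed.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes for SHA-256


class HmacDrbg:
    """HMAC_DRBG (SP 800-90A structure) over SHA-256.

    Everything after instantiation is deterministic; the only place
    non-deterministic entropy enters is the seed material passed to
    __init__ and reseed(). That is what lets the deterministic part be
    tested with known-answer vectors while the TRNG stays outside it.
    """

    def __init__(self, seed_material: bytes):
        if len(seed_material) < OUTLEN:
            raise ValueError("seed material must supply at least 256 bits")
        self.key = b"\x00" * OUTLEN
        self.value = b"\x01" * OUTLEN
        self._update(seed_material)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, HASH).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: mix provided data into (key, value)
        self.key = self._hmac(self.value + b"\x00" + provided)
        self.value = self._hmac(self.value)
        if provided:
            self.key = self._hmac(self.value + b"\x01" + provided)
            self.value = self._hmac(self.value)

    def reseed(self, seed_material: bytes) -> None:
        """Fold fresh TRNG output into the state (the 're-seed' in the thread)."""
        self._update(seed_material)
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        """Produce n bytes; output depends only on the state, never on the TRNG directly."""
        out = b""
        while len(out) < n:
            self.value = self._hmac(self.value)
            out += self.value
        self._update(b"")
        self.reseed_counter += 1
        return out[:n]


def combine_xor(a: bytes, b: bytes) -> bytes:
    """The XOR combiner from the question: fine if the sources are independent,
    but correlated or identical inputs cancel to zero."""
    return bytes(x ^ y for x, y in zip(a, b))


def combine_hash(*parts: bytes) -> bytes:
    """Hash-based combiner (Eric's preference): length-prefix each part so
    the encoding is unambiguous, then digest. No input can cancel another."""
    h = HASH()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def boot_drbg(trng_read=os.urandom) -> HmacDrbg:
    """Assumed boot-time routine: read the TRNG once, seed the DRBG with it.
    os.urandom stands in for the hardware source in this illustration."""
    return HmacDrbg(trng_read(OUTLEN))


if __name__ == "__main__":
    # Constructed seed shared by two instances: deterministic part reproduces exactly.
    seed = bytes(range(32))
    print(HmacDrbg(seed).generate(16).hex() == HmacDrbg(seed).generate(16).hex())
    # Same 32 bytes from both "sources": XOR collapses, the hash combiner does not.
    print(combine_xor(seed, seed) == bytes(32), combine_hash(seed, seed) == bytes(32))
    print(boot_drbg().generate(8).hex())
```

The point of keeping the TRNG only in the seed path is testability: given a fixed seed the generator is fully reproducible, so its deterministic core can be checked against known-answer vectors, while the XOR demonstration shows why Eric would rather hash the two contributions than XOR them.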
