questions about RNGs and FIPS 140

Eric Murray ericm at
Thu Aug 26 17:13:46 EDT 2010

On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote:
> Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
> testing and certification could be feasible?

Yes.  (assuming you mean FIPS certification).
Use the TRNG to seed the approved PRNG implementation.

> I'm thinking of a system where a deterministic (seeded) RNG and
> non-deterministic RNG are used to generate a seed for a deterministic
> RNG, which is then used for the remained of the system's operation until
> next boot or next re-seed.  That is, the seed for the run-time PRNG
> would be a safe combination (say, XOR) of the outputs of a FIPS 140-2
> PRNG and non-certifiable TNG.

That won't pass FIPS.  It's reasonable from a security standpoint,
(although I would use a hash instead of an XOR), but it's not FIPS 140

Since FIPS can't reasonably test the TRNG output, it can't
be part of the output.  FIPS 140 is about guaranteeing a certain 
level of security, not maximizing security.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list