questions about RNGs and FIPS 140

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Aug 27 03:20:06 EDT 2010


Nicolas Williams <Nicolas.Williams at oracle.com> writes:

>Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
>testing and certification could be feasible?

No.  If you choose your eval lab carefully you can sneak in a TRNG somewhere
as input to your PRNG, but you can't get a TRNG certified, and if you're
unlucky you won't be allowed to use a TRNG at all.

>I'm thinking of a system where a deterministic (seeded) RNG and non-
>deterministic RNG are used to generate a seed for a deterministic RNG

That's the sensible way of doing it, but will probably be disallowed by the
FIPS lab.  In my case I slipped one in through (a) careful choice of lab and
(b) defining the date-time vector DT to be "a hash of the date and time and
miscellaneous other information" where "hash" was "PRF" and "other
information" was the actual entropy input.  YMMV based on lab, evaluator,
phase of the moon, and hash of the date and time.

Peter.
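The DT trick described above, as an added example that is not code from the post or from any product mentioned in it: an ANSI X9.31-style generator whose date-time vector DT is a PRF over date, time and "other information", with the TRNG output carried in that other information. Assumptions: HMAC-SHA256 stands in for the block cipher E_K of X9.31 (the Python stdlib has no AES), and all keys, seeds and timestamps are constructed values.

```python
import hmac
import hashlib
import struct

BLOCK = 32  # HMAC-SHA256 output size; X9.31 proper uses the cipher block size


def prf(key: bytes, data: bytes) -> bytes:
    """PRF used for the DT derivation and, as a stand-in for E_K of X9.31,
    inside the generator (assumption: HMAC-SHA256 replaces the cipher)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_dt(dt_key: bytes, date_time: int, other_info: bytes) -> bytes:
    """DT = 'a hash of the date and time and miscellaneous other information';
    other_info is where the TRNG output goes."""
    return prf(dt_key, struct.pack(">Q", date_time) + other_info)


class X931StylePRNG:
    """State (K, V) updated as in X9.31: I = E_K(DT); R = E_K(I ^ V); V = E_K(R ^ I)."""

    def __init__(self, key: bytes, seed: bytes) -> None:
        self.key, self.v = key, seed

    def next_block(self, dt: bytes) -> bytes:
        i = prf(self.key, dt)
        r = prf(self.key, xor(i, self.v))
        self.v = prf(self.key, xor(r, i))
        return r


def generate(key, seed, dt_key, date_time, entropy, nblocks=4) -> bytes:
    """Run the generator with DT carrying `entropy`; returns nblocks*BLOCK bytes."""
    gen = X931StylePRNG(key, seed)
    out = b""
    for n in range(nblocks):
        # one DT per block; the counter keeps DT distinct within a single tick
        out += gen.next_block(make_dt(dt_key, date_time + n, entropy))
    return out


# Constructed fixed inputs: with K, V and DT fixed the output is fixed, which is
# exactly what lets a lab run known-answer tests against the deterministic part.
KEY, SEED, DT_KEY = bytes(range(32)), b"\x5a" * 32, b"\xa5" * 32
TIME_2010 = 1282893606  # constructed timestamp


def demo():
    same_a = generate(KEY, SEED, DT_KEY, TIME_2010, b"entropy-1")
    same_b = generate(KEY, SEED, DT_KEY, TIME_2010, b"entropy-1")
    other = generate(KEY, SEED, DT_KEY, TIME_2010, b"entropy-2")
    return same_a == same_b, same_a != other
```

`demo()` returns `(True, True)`: identical inputs reproduce the stream, while a change in the entropy folded into DT changes every block, even though K and V never saw the entropy directly.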
