questions about RNGs and FIPS 140

Peter Gutmann pgut001 at
Fri Aug 27 03:20:06 EDT 2010

Nicolas Williams <Nicolas.Williams at> writes:

>Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
>testing and certification could be feasible?

No.  If you choose your eval lab carefully you can sneak in a TRNG somewhere
as input to your PRNG, but you can't get a TRNG certified, and if you're
unlucky you won't be allowed to use a TRNG at all.

>I'm thinking of a system where a deterministic (seeded) RNG and non-
>deterministic RNG are used to generate a seed for a deterministic RNG

That's the sensible way of doing it, but will probably be disallowed by the
FIPS lab.  In my case I slipped one in through (a) careful choice of lab and
(b) defining the date-time vector DT to be "a hash of the date and time and
miscellaneous other information" where "hash" was "PRF" and "other
information" was the actual entropy input.  YMMV based on lab, evaluator,
phase of the moon, and hash of the date and time.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list