questions about RNGs and FIPS 140
Thor Lancelot Simon
tls at rek.tjls.com
Fri Aug 27 14:02:28 EDT 2010
On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:
>
> No. If you choose your eval lab carefully you can sneak in a TRNG somewhere
> as input to your PRNG, but you can't get a TRNG certified, and if you're
> unlucky you won't be allowed to use a TRNG at all.
I am surprised you'd have trouble with this at any lab. Isn't there
specific guidance on this in the DTRs? My 10-years-rusty recollection
is that, specifically, the input used to key the Approved RNG may not
contain provably less entropy than the Approved RNG's output, or words
very close to that in effect.
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list