questions about RNGs and FIPS 140

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Aug 28 02:29:12 EDT 2010


Thor Lancelot Simon <tls at panix.com> writes:
>On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:
>> No.  If you choose your eval lab carefully you can sneak in a TRNG somewhere
>> as input to your PRNG, but you can't get a TRNG certified, and if you're
>> unlucky you won't be allowed to use a TRNG at all.
>
>I am surprised you'd have trouble with this at any lab. 

As a general rule for FIPS 140, *anything* can be a problem at *any* lab. This
case seems to be particularly ambiguous, with labs interpreting it in a
variety of different ways (this is both from evals I've been part of and from
talking to other people who've had stuff evaluated).  For example the OpenSSL
guys had to remove fork-protection from their RNG at the request of the lab.
I didn't, but that's because I didn't document it as being present, and if
they don't read about it they can't object to it.

(It's kind of depressing that engineering a properly secure system requires
gaming the arbitrary requirements in the certification process).

Peter.
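The fork-protection mentioned above, as an added illustration that is not part of Peter's post or of OpenSSL's code: after fork() both processes hold an identical copy of the PRNG state, so without a fork check they emit the same "random" bytes. The toy hash generator, its seed and the PID-check reseed strategy are all constructed for this example.

```python
import hashlib
import os
import struct


class ToyHashRNG:
    """Constructed hash-based generator for illustration only (not a FIPS DRBG).
    state: 32 secret bytes; output block = SHA-256(state || counter)."""

    def __init__(self, seed: bytes, fork_safe: bool):
        self.state = hashlib.sha256(seed).digest()
        self.counter = 0
        self.fork_safe = fork_safe
        self.pid = os.getpid()

    def reseed(self, entropy: bytes) -> None:
        self.state = hashlib.sha256(self.state + entropy).digest()

    def random_bytes(self, n: int) -> bytes:
        # Fork protection: a changed PID means this process is a copy of its
        # parent with identical state, so fold in fresh OS entropy first.
        # (Real libraries also hook pthread_atfork; PID checks alone can be
        # fooled by PID reuse, so treat this as the minimum, not the ideal.)
        if self.fork_safe and os.getpid() != self.pid:
            self.pid = os.getpid()
            self.reseed(os.urandom(32) + struct.pack("<I", self.pid))
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.state + struct.pack("<Q", self.counter)).digest()
            self.counter += 1
        return out[:n]


def outputs_after_fork(fork_safe: bool):
    """Fork a child that inherits the generator; return (parent_out, child_out)."""
    rng = ToyHashRNG(b"constructed seed", fork_safe)
    rng.random_bytes(16)  # advance the state a little before forking
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: emit 16 bytes to the parent and exit
        os.close(read_end)
        os.write(write_end, rng.random_bytes(16))
        os._exit(0)
    os.close(write_end)
    child_out = b""
    while len(child_out) < 16:
        child_out += os.read(read_end, 16 - len(child_out))
    os.close(read_end)
    os.waitpid(pid, 0)
    return rng.random_bytes(16), child_out
```

With fork_safe=False the two outputs are byte-for-byte identical; with fork_safe=True the child reseeds on its first call and diverges.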

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com