questions about RNGs and FIPS 140

Peter Gutmann pgut001 at
Sun Aug 29 02:40:46 EDT 2010

Thor Lancelot Simon <tls at> writes:

>That doesn't make any sense.  DT in that generator is really meant to serve
>the role of a counter, and, in fact, the test harness for that generator
>*requires* it to be a counter.
>The seed for that generator is K.

Well, at least in your opinion it is :-).  And this illustrates the problem
here, just from the small number of contributors to this thread (including
some off-list ones) we've already had a whole pile of different opinions on
how to apply the PRNGs, and as with the labs there's quite some leeway in the
interpretations.  The problem is that the labs take the most conservative,
restrictive interpretation possible for CYA purposes while the people on here
take the best security-engineering interpretation.  The CYA approach may be
safe in terms of making it hard to challenge a ruling afterwards, but it's not
the best way to engineer a secure device or system.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list