questions about RNGs and FIPS 140
Ben Laurie
ben at links.org
Sun Sep 5 10:11:39 EDT 2010
On 27/08/2010 19:38, Joshua Hill wrote:
> The fact is that all of the approved deterministic RNGs have places that
> you are expected to use to seed the generator. The text of the standard
> explicitly states that you can use non-approved non-deterministic RNGs
> to seed your approved deterministic RNG.
This is nice.
> It's an even better situation if you look at the modern deterministic RNGs
> described in NIST SP800-90. (You'll want to use these, anyway. They are
> better designs and last I heard, NIST was planning on retiring the other
> approved deterministic RNGs.) Every design in SP800-90 requires that your
> initial seed is appropriately large and unpredictable, and the designs all
> allow (indeed, require!) periodic reseeding in similarly reasonable ways.
Given that we seem to have agreed that "unpredictable" is kinda hard,
I'm amused that SP800-90 requires it. If it is a requirement then I
wonder why NIST didn't specify how to generate and validate such a seed?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
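The seeding and reseeding discipline Joshua describes for the SP 800-90 designs, as an added example (not code from this thread or from NIST): a minimal HMAC_DRBG over SHA-256 that refuses to instantiate or reseed on entropy input shorter than its security strength and refuses to generate once its reseed interval is exhausted. The minimum lengths follow SP 800-90A's 256-bit strength for SHA-256; the default reseed interval of 4 is an assumption chosen so the reseed requirement shows up quickly.

```python
import hmac
import hashlib

# Added example: minimal HMAC_DRBG (SP 800-90A, SHA-256); limits are illustrative.
class HmacDrbg:
    OUTLEN = 32       # SHA-256 output length in bytes
    MIN_ENTROPY = 32  # 256-bit security strength needs >= 32 bytes of entropy
    MIN_NONCE = 16    # nonce must carry at least half the security strength

    def __init__(self, entropy_input, nonce, personalization=b"", reseed_interval=4):
        # SP 800-90A caps reseed_interval at 2**48; the tiny default is an assumption.
        if len(entropy_input) < self.MIN_ENTROPY or len(nonce) < self.MIN_NONCE:
            raise ValueError("seed material too short for the security strength")
        self.reseed_interval = reseed_interval
        self.key = b"\x00" * self.OUTLEN
        self.v = b"\x01" * self.OUTLEN
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided):
        # HMAC_DRBG_Update: fold provided data into the (K, V) state
        self.key = self._hmac(self.v + b"\x00" + provided)
        self.v = self._hmac(self.v)
        if provided:
            self.key = self._hmac(self.v + b"\x01" + provided)
            self.v = self._hmac(self.v)

    def reseed(self, entropy_input, additional=b""):
        if len(entropy_input) < self.MIN_ENTROPY:
            raise ValueError("entropy_input shorter than security strength")
        self._update(entropy_input + additional)
        self.reseed_counter = 1

    def generate(self, n, additional=b""):
        # The standard's "reseed required" condition: stop rather than keep going
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(additional)
        self.reseed_counter += 1
        return out[:n]
```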
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com