[Cryptography] [RNG] /dev/random initialisation

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Oct 30 00:14:55 EDT 2013


John Kelsey <crypto.jmk at gmail.com> writes:

>On Oct 28, 2013, at 5:28 PM, dj at deadhat.com wrote:
>...
>> But the specifications (SP800-90x & FIPS 140-2) make it spectacularly hard
>> to mix in multiple sources in a compliant way. SP800-90 gives a way to mix
>> in "additional entropy" and "personalization strings", but FIPS 140-2
>> states that all sources must be authenticated. All configuring entities
>> must be authenticated. Try authenticating hardware on one end of chip
>> against hardware at the other end of the chip. It is the mother of all
>> chicken and egg problems.
>
>Wait, the FIPS labs refuse to let you put your own stuff into those
>additional inputs?

Yes, they won't let you feed in additional entropy.  In my case I managed to
get around it through some code subterfuge (they think they got what they
asked for and I know it was actually done right, not the way they wanted), but
it wouldn't surprise me if other implementers just threw up their hands and
did what the labs wanted.

Peter.
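The mixing points dj refers to above (the personalization string at instantiation, and the additional input at reseed and generate time) are concrete fields in the SP 800-90A constructions. The following is an added example, not code from this thread or from any of the posters: an HMAC_DRBG over SHA-256 written from the SP 800-90A description, with a second entropy source fed through the additional-input path. Every seed, nonce, personalization and source value below is a constructed placeholder, not a real entropy sample.

```python
import hashlib
import hmac


class HmacDrbg:
    """SP 800-90A HMAC_DRBG over SHA-256 (added example, not code from the thread)."""

    OUTLEN = 32  # SHA-256 output length in bytes

    def __init__(self, entropy_input: bytes, nonce: bytes, personalization: bytes = b"",
                 reseed_interval: int = 10_000):
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed material.
        self.key = b"\x00" * self.OUTLEN
        self.v = b"\x01" * self.OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG Update function: fold provided_data (possibly empty) into K and V.
        self.key = self._hmac(self.key, self.v + b"\x00" + provided_data)
        self.v = self._hmac(self.key, self.v)
        if not provided_data:
            return
        self.key = self._hmac(self.key, self.v + b"\x01" + provided_data)
        self.v = self._hmac(self.key, self.v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed: fresh entropy plus optional additional input, counter back to 1.
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n_bytes: int, additional_input: bytes = b"") -> bytes:
        # Generate: refuse past the reseed interval, mix additional input before
        # and after producing output, as the standard's Generate process does.
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n_bytes:
            self.v = self._hmac(self.key, self.v)
            out += self.v
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n_bytes]


# Constructed placeholder values. In a real system the primary entropy comes
# from the approved source, the nonce from the instantiation, and the second
# source from e.g. an on-chip RNG; none of those are modelled here.
PRIMARY_ENTROPY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
NONCE = b"constructed-nonce"
PERSONALIZATION = b"device-id:PLACEHOLDER-0001"  # placeholder device identity
SECOND_SOURCE_SAMPLE = b"constructed sample from a second source"


def mixed_output(additional_input: bytes, n_bytes: int = 32) -> bytes:
    """Instantiate from the constructed seed and generate with a second source mixed in."""
    drbg = HmacDrbg(PRIMARY_ENTROPY, NONCE, PERSONALIZATION)
    return drbg.generate(n_bytes, additional_input)


def reseed_resets_counter() -> int:
    """Run to the interval, reseed with (constructed) fresh entropy, return the counter."""
    drbg = HmacDrbg(PRIMARY_ENTROPY, NONCE, PERSONALIZATION, reseed_interval=2)
    drbg.generate(16)
    drbg.generate(16)
    drbg.reseed(b"constructed fresh entropy", SECOND_SOURCE_SAMPLE)
    drbg.generate(16)
    return drbg.reseed_counter


def generate_past_interval_raises() -> bool:
    """The DRBG must refuse to produce output once the reseed interval is exceeded."""
    drbg = HmacDrbg(PRIMARY_ENTROPY, NONCE, reseed_interval=1)
    drbg.generate(8)
    try:
        drbg.generate(8)
    except RuntimeError:
        return True
    return False
```

Two properties of this path are worth keeping in mind when arguing with a lab: the additional input is mixed into both K and V, so a second source does change every subsequent output, but SP 800-90A gives no entropy credit for it, so the claimed security strength still rests entirely on the entropy_input supplied at instantiate and reseed.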
