[14003] in cryptography@c2.net mail archive

Re: PRNG design document?

daemon@ATHENA.MIT.EDU (Ralf-P. Weinmann)
Wed Sep 3 09:20:07 2003

X-Original-To: cryptography@metzdowd.com
Date: Tue, 2 Sep 2003 23:56:57 +0200
From: "Ralf-P. Weinmann" <weinmann@cdc.informatik.tu-darmstadt.de>
To: Tim Dierks <tim@dierks.org>
Cc: cryptography@metzdowd.com
Mail-Followup-To: Tim Dierks <tim@dierks.org>,
	cryptography@metzdowd.com
In-Reply-To: <6.0.0.10.2.20030829150413.04273800@127.0.0.1>; from tim@dierks.org on Fri, Aug 29, 2003 at 03:43:40PM -0400

On Fri, Aug 29, 2003 at 03:43:40PM -0400, Tim Dierks wrote:
> [snip]
>
> Allow me to clarify my problem a little. I'm commonly engaged to review 
> source code for a security audit, some such programs include a random 
> number generator, many of which are of ad-hoc design. The nature of such 
> audits is that it's much more appealing to be able to say "here are three 
> accepted guidelines that your generator violates" rather than "I haven't 
> seen that before and I don't like it, you should replace it with something 
> else".
> 
> So I'm interested in such design guidelines, if they're available, which 
> such a generator could be tested against. While the resources provided have 
> been useful, it's only led me to where I was: that the only way to do so is 
> to attempt to analyze the system for vulnerability to a collection of known 
> flaws.
>
> [snip]

Hi Tim,

I think you should have a look at AIS 20 and AIS 31 - they are a little
bit formal and define their own terminology but otherwise seem to give sound
models.

Evaluation guidelines for both deterministic pseudo-random number generators
(AIS 20) and physical random number generators (AIS 31) have been published by
the BSI (Bundesamt fuer Sicherheit in der Informationstechnik - a German agency
responsible for giving recommendations regarding the security of IT in
government use).

AIS 31 (English): http://www.bsi.de/zertifiz/zert/interpr/trngk31e.pdf
AIS 20 (English): http://www.bsi.de/zertifiz/zert/interpr/ais20e.pdf

There's also a paper published in the CHES 2002 proceedings on the same
subject:

W. Schindler, W. Killmann: Evaluation Criteria for True (Physical) Random
Number Generators Used in Cryptographic Applications

URL: http://www.springerlink.com/openurl.asp?genre=article&issn=0302-9743&volume=2523&spage=431

Cheers,
Ralf

-- 
Ralf-P. Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>

---------------------------------------------------------------------
The Cryptography Mailing List