[145331] in cryptography@c2.net mail archive


Re: Intel to also add RNG

daemon@ATHENA.MIT.EDU (Eric Murray)
Mon Jul 12 17:39:00 2010

Date: Mon, 12 Jul 2010 13:13:44 -0700
From: Eric Murray <ericm@lne.com>
To: Paul Wouters <paul@xelerance.com>
Cc: Eric Murray <ericm@lne.com>, cryptography@metzdowd.com,
	cypherpunks@al-qaeda.net
In-Reply-To: <alpine.LFD.1.10.1007121533560.25599@newtla.xelerance.com>

On Mon, Jul 12, 2010 at 03:37:45PM -0400, Paul Wouters wrote:
> On Mon, 12 Jul 2010, Eric Murray wrote:
>
>> Then there's FIPS- current 140 doesn't have a provision for HW RNG.
>> They certify software RNG only, presumably because proving a HW RNG to be
>> random enough is very difficult. So what's probably the primary market
>> (companies who want to meet FIPS) isn't available.
>
> So you can do HWRNG -> SWRNG -> Fips ?

Last FIPS cert I did (140-2, a couple years ago), it was SWRNG only. 
X9.62 or FIPS 186 or X9.31 or SP 800-90.

I couldn't even use a HW RNG for the seed.  /dev/random was acceptable.

> Also,
> the VIA PadLock already ships with an HWRNG on die. It's been shipping
> for years.

True that.

Eric

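The "HWRNG -> SWRNG" layering discussed above, as an added example that is not part of the mail and not taken from any validated FIPS module: a SHA-256 Hash_DRBG following the SP 800-90A construction (Hash_df, instantiate, reseed, generate), seeded from a raw entropy source that is first run through a repetition count health test in the style of SP 800-90B. The use of `os.urandom` as a stand-in for `/dev/random`, the repetition-count cutoff of 30 and the tiny reseed interval used for illustration are assumptions made here, not values from the thread.

```python
import hashlib
import os

OUTLEN = 32      # SHA-256 output length in bytes
SEEDLEN = 55     # 440-bit seed for SHA-256 Hash_DRBG (SP 800-90A Table 2)


def hash_df(data: bytes, n_bytes: bytes_len := None) if False else None:
    pass
```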

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post