[145734] in cryptography@c2.net mail archive


questions about RNGs and FIPS 140

daemon@ATHENA.MIT.EDU (travis+ml-cryptography@subspacefie)
Wed Aug 25 23:28:29 2010

Date: Wed, 25 Aug 2010 13:37:16 -0700
From: travis+ml-cryptography@subspacefield.org
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com



Hey all,

Looking for feedback on this section on RNGs:
http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc29
Equations are broken in HTML, but clear in PDF:
http://www.subspacefield.org/security/security_concepts/security_concepts.pdf
I am aware the Renyi entropy link is broken.

I also wanted to double-check these answers before I included them:

1) Is Linux /dev/{u,}random FIPS 140 certified?
No, because FIPS 140-2 does not allow TRNGs (what they call non-deterministic).
I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS 140-1.
I assume they don't allow non-determinism because it makes the system harder
to test/certify, not because it's less secure.

2) Is CryptGenRandom certified?
Yes - is that because they have a deterministic mode?  Wikipedia makes it sound
like this closed-design system seeds from system timings and other stuff, which
would seem to make it non-deterministic as far as FIPS 140 testing is concerned.

3) Is determinism a good idea?
See Debian OpenSSL fiasco.  I have heard Nevada gaming commission
regulations require non-determinism for obvious reasons.

4) What about VMs?
Rolling back a deterministic RNG on those systems gives the same
values unless/until you re-seed with something new to this iteration.

Do those sound right?
-- 
It asked me for my race, so I wrote in "human". -- The Beastie Boys
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john@subspacefield.org to get blacklisted.

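The VM-rollback scenario in item 4 (and the determinism concern in item 3), as an added example that is not part of the original post. It uses a minimal HMAC_DRBG in the style of NIST SP 800-90A with SHA-256 (simplified: no nonce, personalization string or reseed-interval enforcement, which is an assumption of this example, not a claim about any certified module). A snapshot of the generator state stands in for a VM snapshot; the `fresh_entropy` argument stands in for entropy gathered after the restore:

```python
import copy
import hashlib
import hmac


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A style, SHA-256).

    Entirely deterministic: the output stream is a pure function of
    the seed and of every reseed() call made afterwards.
    """

    OUTLEN = 32  # SHA-256 digest length

    def __init__(self, seed: bytes) -> None:
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(seed)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # HMAC_DRBG_Update: mix 'data' into (K, V)
        self.K = self._hmac(self.K, self.V + b"\x00" + data)
        self.V = self._hmac(self.K, self.V)
        if data:
            self.K = self._hmac(self.K, self.V + b"\x01" + data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes) -> None:
        """Fold new entropy into the state; only fresh input changes the future."""
        self._update(entropy)
        self.reseed_counter = 1

    def generate(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update()  # backtracking resistance for the *forward* direction only
        self.reseed_counter += 1
        return out[:nbytes]

    def snapshot(self) -> "HmacDrbg":
        """Stand-in for a VM snapshot: a full copy of the generator state."""
        return copy.deepcopy(self)


def rollback_demo(seed: bytes, fresh_entropy: bytes):
    """Return (key_a, key_b, key_c):

    key_a: drawn after the snapshot in the original run
    key_b: drawn after restoring the snapshot with no reseed (== key_a)
    key_c: drawn after restoring the snapshot and reseeding (differs)
    """
    drbg = HmacDrbg(seed)
    drbg.generate(16)          # some use before the snapshot is taken
    snap = drbg.snapshot()     # the VM image is saved here

    key_a = drbg.generate(32)  # original run continues, e.g. a session key

    restored = snap.snapshot()           # clone 1 booted from the image
    key_b = restored.generate(32)        # same state => same "fresh" key

    restored2 = snap.snapshot()          # clone 2 booted from the image
    restored2.reseed(fresh_entropy)      # mix in something new to this boot
    key_c = restored2.generate(32)
    return key_a, key_b, key_c


if __name__ == "__main__":
    # Constructed inputs for the demo; a real system would use OS entropy.
    a, b, c = rollback_demo(b"constructed-seed", b"constructed-post-restore-entropy")
    print("rollback without reseed repeats the key:", a == b)
    print("rollback with reseed diverges:         ", a != c)
```

Note that reseeding with the *same* value on every restore does not help: `rollback_demo(seed, e)` returns the same `key_c` each time, which is why the post-restore input has to be new to that particular boot (a hypervisor-supplied random source, hardware RNG, or similar), not something baked into the image.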

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
