[145755] in cryptography@c2.net mail archive


Re: questions about RNGs and FIPS 140

daemon@ATHENA.MIT.EDU (Eric Murray)
Thu Aug 26 13:52:55 2010

Date: Thu, 26 Aug 2010 10:10:02 -0700
From: Eric Murray <ericm@lne.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: travis+ml-cryptography@subspacefield.org,
	cryptography@metzdowd.com
In-Reply-To: <20100826121306.27b330ac@seasnet-6-11.cis.upenn.edu>

On Thu, Aug 26, 2010 at 12:13:06PM -0400, Perry E. Metzger wrote:
> It is difficult to validate that a hardware RNG is working
> correctly. How do you know the bits being put off aren't skewed
> somehow by a manufacturing defect? How do you know that damage in the
> field won't cause the RNG to become less random?

FIPS 140-1 did allow non-deterministic HW RNGs.  If you used one
then you had to run a boot-time self-test which, while not even close to an
exhaustive RNG test, would hopefully detect a HW RNG that had failed.


Eric

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
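As an added example (not code from this thread or from any FIPS-validated module), here is a Python implementation of the FIPS 140-1 section 4.11.1 power-up statistical tests Eric refers to, run over a 20,000-bit sample. It assumes the sample arrives as 2,500 bytes and, for the demonstration, draws them from os.urandom in place of a real hardware RNG.

```python
# FIPS 140-1 (section 4.11.1) power-up tests on a 20,000-bit sample from a
# hardware RNG: monobit, poker, runs, long run (FIPS 140-1 bounds).
import os

SAMPLE_BITS = 20_000
RUN_BOUNDS = [(2267, 2733), (1079, 1421), (502, 748),  # runs-test bounds for
              (223, 402), (90, 223), (90, 223)]        # lengths 1..5 and 6+

def bytes_to_bits(data: bytes) -> list:
    """Expand 2,500 bytes into 20,000 bits, most significant bit first."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]

def monobit(bits) -> int:
    """Count of one bits; passes when 9654 < X < 10346."""
    return sum(bits)

def poker(bits) -> float:
    """Spread of the 5,000 4-bit values; passes when 1.03 < X < 57.4."""
    counts = [0] * 16
    for i in range(0, len(bits), 4):
        counts[bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]] += 1
    return 16 * sum(c * c for c in counts) / 5000 - 5000

def run_stats(bits):
    """Runs of zeros/ones by length (index 0 = length 1, 5 = 6+) plus longest run."""
    counts, longest, start = [[0] * 6, [0] * 6], 0, 0
    for i in range(1, len(bits) + 1):
        if i == len(bits) or bits[i] != bits[start]:   # a maximal run ends here
            length = i - start
            counts[bits[start]][min(length, 6) - 1] += 1
            longest, start = max(longest, length), i
    return counts[0], counts[1], longest

def fips140_1_selftest(data: bytes) -> dict:
    """Apply all four tests; a healthy source must pass every one."""
    if len(data) * 8 != SAMPLE_BITS:
        raise ValueError("self-test needs exactly 2,500 bytes")
    bits = bytes_to_bits(data)
    zeros, ones, longest = run_stats(bits)
    return {"monobit": 9654 < monobit(bits) < 10346,
            "poker": 1.03 < poker(bits) < 57.4,
            "runs": all(lo <= n <= hi for counts in (zeros, ones)
                        for n, (lo, hi) in zip(counts, RUN_BOUNDS)),
            "long_run": longest < 34}

def selftest_urandom() -> dict:
    """Demonstration stand-in for a hardware source: 2,500 bytes of os.urandom."""
    return fips140_1_selftest(os.urandom(2500))
```

A stuck-at-zero source fails all four tests and a 0101... pattern passes monobit but fails poker and runs, which is the kind of gross failure this boot-time check can catch; it says nothing about a subtler bias.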
