[145760] in cryptography@c2.net mail archive
Re: questions about RNGs and FIPS 140
daemon@ATHENA.MIT.EDU (Eric Murray)
Thu Aug 26 17:35:12 2010
Date: Thu, 26 Aug 2010 14:13:46 -0700
From: Eric Murray <ericm@lne.com>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Cc: Jerry Leichter <leichter@lrw.com>,
travis+ml-cryptography@subspacefield.org, cryptography@metzdowd.com
In-Reply-To: <20100826162134.GP17097@oracle.com>
On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote:
> Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
> testing and certification could be feasible?
Yes (assuming you mean FIPS certification).
Use the TRNG to seed the approved PRNG implementation.
> I'm thinking of a system where a deterministic (seeded) RNG and
> non-deterministic RNG are used to generate a seed for a deterministic
> RNG, which is then used for the remainder of the system's operation until
> next boot or next re-seed. That is, the seed for the run-time PRNG
> would be a safe combination (say, XOR) of the outputs of a FIPS 140-2
> PRNG and non-certifiable TRNG.
That won't pass FIPS. It's reasonable from a security standpoint
(although I would use a hash instead of an XOR), but it's not FIPS 140
certifiable.
Since FIPS can't reasonably test the TRNG output, it can't
be part of the output. FIPS 140 is about guaranteeing a certain
level of security, not maximizing security.
Eric
---------------------------------------------------------------------
The Cryptography Mailing List
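The two arrangements discussed in this thread, as an added example that is not part of any message above and is not code from either poster: a TRNG is used only to seed an approved deterministic generator (here an SP 800-90A HMAC_DRBG over SHA-256, written out from the standard's HMAC_DRBG_Update/Generate steps), and the two candidate ways of combining an approved-PRNG output with a TRNG output into one seed are compared. The combiner demonstrates why a hash is preferable to XOR: XOR of two correlated or identical inputs cancels to zero, a hash of both does not. `os.urandom` stands in for the hardware TRNG, and `trng_read`, `combine_xor` and `combine_hash` are names chosen here, not anything from FIPS 140 or the thread.

```python
import hashlib
import hmac
import os

OUTLEN = 32  # SHA-256 output length in bytes


class HmacDrbg:
    """HMAC_DRBG with SHA-256, following SP 800-90A section 10.1.2.

    The generator is fully deterministic given its seed material, which is
    what makes it testable with known-answer tests. Entropy enters only
    through instantiate() and reseed(), never through the output path.
    """

    def __init__(self, seed_material: bytes) -> None:
        # Instantiate: K = 0x00..00, V = 0x01..01, then one Update with the seed.
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(seed_material)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: the second pass only runs when data was provided.
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if not provided:
            return
        self.K = self._hmac(self.V + b"\x01" + provided)
        self.V = self._hmac(self.V)

    def reseed(self, seed_material: bytes) -> None:
        self._update(seed_material)
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        # HMAC_DRBG_Generate with no additional input: chain V, then Update.
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(b"")
        self.reseed_counter += 1
        return out[:n]


def trng_read(n: int) -> bytes:
    """Stand-in for a hardware TRNG read (assumption: os.urandom is used here)."""
    return os.urandom(n)


def combine_xor(a: bytes, b: bytes) -> bytes:
    """The XOR combiner from the question. Correlated inputs cancel."""
    if len(a) != len(b):
        raise ValueError("XOR combiner needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def combine_hash(a: bytes, b: bytes) -> bytes:
    """Hash combiner: length-prefixed so (a, b) boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in (a, b):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def certifiable_generator(trng_entropy: bytes) -> HmacDrbg:
    """The arrangement the reply calls certifiable: TRNG seeds the approved
    DRBG and every output byte comes from the DRBG alone."""
    return HmacDrbg(trng_entropy)


if __name__ == "__main__":
    drbg = certifiable_generator(trng_read(OUTLEN))
    print(drbg.generate(16).hex())
    # A constructed, fully correlated pair of inputs shows the XOR failure mode.
    same = b"\x5a" * OUTLEN
    print("xor :", combine_xor(same, same).hex())
    print("hash:", combine_hash(same, same).hex())
```

Seeding with a known constant is what a known-answer test does, and the generator is reproducible under that seed; in production the seed comes from `trng_read` and the DRBG is reseeded from it periodically, which keeps the TRNG out of the output path as the reply requires.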