[145764] in cryptography@c2.net mail archive


Re: questions about RNGs and FIPS 140

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Aug 27 12:40:24 2010

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: leichter@lrw.com, Nicolas.Williams@oracle.com
Cc: cryptography@metzdowd.com, travis+ml-cryptography@subspacefield.org
In-Reply-To: <20100826162134.GP17097@oracle.com>
Date: Fri, 27 Aug 2010 19:20:06 +1200

Nicolas Williams <Nicolas.Williams@oracle.com> writes:

>Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
>testing and certification could be feasible?

No.  If you choose your eval lab carefully you can sneak in a TRNG somewhere
as input to your PRNG, but you can't get a TRNG certified, and if you're
unlucky you won't be allowed to use a TRNG at all.

>I'm thinking of a system where a deterministic (seeded) RNG and non-
>deterministic RNG are used to generate a seed for a deterministic RNG

That's the sensible way of doing it, but will probably be disallowed by the
FIPS lab.  In my case I slipped one in through (a) careful choice of lab and
(b) defining the date-time vector DT to be "a hash of the date and time and
miscellaneous other information" where "hash" was "PRF" and "other
information" was the actual entropy input.  YMMV based on lab, evaluator,
phase of the moon, and hash of the date and time.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
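An added illustration of the construction Peter describes, written for this archive page and not his code or cryptlib's: an ANSI X9.31-style block-cipher generator (the message's "date-time vector DT" is X9.31 terminology, but the message never names the generator, so that is an assumption) in which DT is not the raw clock but a PRF over the timestamp and an extra entropy input. HMAC-SHA256 as the PRF, AES-128 as the block cipher, the key and seed values, and the entropy bytes are all constructed for the example. X9.31 has since been retired by NIST in favour of the SP 800-90A DRBGs, which accept entropy and additional input directly, so the point here is the mechanism rather than a recommended design.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// X931 is an ANSI X9.31 Appendix A.2.4-style generator built on AES-128.
// Per output block: I = E_K(DT); R = E_K(I xor V); V' = E_K(R xor I).
// V is the secret seed state, DT the per-block date-time vector.
type X931 struct {
	block cipher.Block
	v     [16]byte
	dtKey []byte // secret key for the PRF that derives DT (assumption of this example)
}

// NewX931 takes a 16-byte AES key, a 16-byte initial V and the DT PRF key.
func NewX931(key, seedV, dtKey []byte) (*X931, error) {
	if len(seedV) != aes.BlockSize {
		return nil, errors.New("seed V must be exactly one AES block")
	}
	if len(dtKey) == 0 {
		return nil, errors.New("DT PRF key must not be empty")
	}
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g := &X931{block: b, dtKey: dtKey}
	copy(g.v[:], seedV)
	return g, nil
}

// DeriveDT is the "hash of the date and time and miscellaneous other
// information" of the message: HMAC-SHA256 (the PRF) over the timestamp
// and the extra entropy bytes, truncated to one cipher block.
func DeriveDT(dtKey []byte, t time.Time, extra []byte) [16]byte {
	mac := hmac.New(sha256.New, dtKey)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(t.UnixNano()))
	mac.Write(ts[:])
	mac.Write(extra)
	var dt [16]byte
	copy(dt[:], mac.Sum(nil)[:16])
	return dt
}

// NextBlock runs one X9.31 step with the supplied DT, updates V, returns R.
func (g *X931) NextBlock(dt [16]byte) [16]byte {
	var i, r, tmp [16]byte
	g.block.Encrypt(i[:], dt[:])
	xorBlocks(&tmp, &i, &g.v)
	g.block.Encrypt(r[:], tmp[:])
	xorBlocks(&tmp, &r, &i)
	g.block.Encrypt(g.v[:], tmp[:])
	return r
}

// Read fills out with generator output, deriving a fresh DT for every block
// from the current clock and the caller's entropy bytes.
func (g *X931) Read(out []byte, extra []byte) {
	for off := 0; off < len(out); off += aes.BlockSize {
		r := g.NextBlock(DeriveDT(g.dtKey, time.Now(), extra))
		copy(out[off:], r[:]) // copy truncates the final partial block
	}
}

func xorBlocks(dst, a, b *[16]byte) {
	for k := range dst {
		dst[k] = a[k] ^ b[k]
	}
}

func main() {
	// Constructed key, seed and entropy sample; real deployments take all three from an entropy source.
	g, err := NewX931([]byte("0123456789abcdef"), []byte("fedcba9876543210"), []byte("dt-prf-key"))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 32)
	g.Read(out, []byte("constructed entropy sample"))
	fmt.Printf("%x\n", out)
}
```

Two things to notice about the shape: the deterministic core (`NextBlock`) is exactly the certifiable X9.31 step and never sees the TRNG directly, and all non-deterministic input enters through `DeriveDT`, which is what lets the evaluator treat it as "the date-time vector". The same separation is what makes the construction fragile under a stricter lab, since removing the entropy from DT silently reduces the generator to its seed.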
