[145769] in cryptography@c2.net mail archive
Re: questions about RNGs and FIPS 140
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Fri Aug 27 16:49:23 2010
Date: Fri, 27 Aug 2010 14:02:28 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: leichter@lrw.com, Nicolas.Williams@oracle.com,
cryptography@metzdowd.com, travis+ml-cryptography@subspacefield.org
In-Reply-To: <E1OotEM-0004rp-P5@wintermute02.cs.auckland.ac.nz>

On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:
>
> No. If you choose your eval lab carefully you can sneak in a TRNG somewhere
> as input to your PRNG, but you can't get a TRNG certified, and if you're
> unlucky you won't be allowed to use a TRNG at all.

I am surprised you'd have trouble with this at any lab. Isn't there
specific guidance on this in the DTRs? My 10-years-rusty recollection
is that, specifically, the input used to key the Approved RNG may not
contain provably less entropy than the Approved RNG's output, or words
very close to that in effect.

Thor