On Wed, 25 Aug 2010 travis+ml-cryptogra...@subspacefield.org wrote:

> No, because FIPS 140-2 does not allow TRNGs (what they call
> non-deterministic).
> I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS
> 140-1.
> I assume they don't allow non-determinism because it makes the system harder
> to test/certify, not because it's less secure.
I guess you misinterpret it. Nowhere does 140-2 say it "does not allow TRNGs". It says that nondeterministic RNGs should be used *only* for IVs or to seed deterministic RNGs:

<http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>:

    Until such time as an Approved nondeterministic RNG standard exists,
    nondeterministic RNGs approved for use in classified applications may be
    used for key generation or to seed Approved deterministic RNGs used in key
    generation. Commercially available nondeterministic RNGs may be used for
    the purpose of generating seeds for Approved deterministic RNGs.
    Nondeterministic RNGs shall comply with all applicable RNG requirements of
    this standard.

    An Approved RNG shall be used for the generation of cryptographic keys
    used by an Approved security function. The output from a non-Approved RNG
    may be used 1) as input (e.g., seed, and seed key) to an Approved
    deterministic RNG or 2) to generate initialization vectors (IVs) for
    Approved security function(s). The seed and seed key shall not have the
    same value.

--
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
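The architecture the quoted FIPS 140-2 text describes, as an added example that is not part of the thread and not from either poster: a deterministic generator (HMAC_DRBG with SHA-256, following the SP 800-90A construction) that is seeded from a nondeterministic source, with IVs taken directly from that source and keys taken only from the DRBG output. `os.urandom` stands in for the TRNG, the `reseed_interval`, the personalization string and the `entropy == nonce` check are this example's own choices (the FIPS text states the "shall not have the same value" rule for the seed and seed key of its generators; the check here is the analogous one for HMAC_DRBG's two seed inputs), and nothing below is a certified module.

```python
"""HMAC_DRBG (SP 800-90A style, SHA-256) seeded from a nondeterministic RNG.

Illustrates the FIPS 140-2 split quoted above: the nondeterministic source
(os.urandom, a stand-in for a TRNG) only seeds the DRBG and makes IVs; keys
are produced by the deterministic generator, which can be tested with
known-answer tests because it is deterministic given its seed.
"""
import hashlib
import hmac
import os

OUTLEN = hashlib.sha256().digest_size  # 32 bytes of output per HMAC call


class HmacDrbg:
    """Deterministic RNG following the HMAC_DRBG construction of SP 800-90A."""

    def __init__(self, entropy: bytes, nonce: bytes, personalization: bytes = b"",
                 reseed_interval: int = 10_000):
        # The entropy input and the nonce are distinct seed inputs; reusing
        # one value for both is rejected (assumption: analogue of the FIPS
        # rule that the seed and seed key shall not have the same value).
        if len(entropy) < OUTLEN:
            raise ValueError("entropy input must supply at least 256 bits")
        if entropy == nonce:
            raise ValueError("seed and nonce shall not have the same value")
        self._key = b"\x00" * OUTLEN
        self._v = b"\x01" * OUTLEN
        self._update(entropy + nonce + personalization)
        self._reseed_counter = 1
        self._reseed_interval = reseed_interval

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into the (K, V) state.
        self._key = self._hmac(self._v + b"\x00" + provided)
        self._v = self._hmac(self._v)
        if provided:
            self._key = self._hmac(self._v + b"\x01" + provided)
            self._v = self._hmac(self._v)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        """Mix fresh nondeterministic entropy into the state."""
        if len(entropy) < OUTLEN:
            raise ValueError("entropy input must supply at least 256 bits")
        self._update(entropy + additional)
        self._reseed_counter = 1

    def generate(self, n_bytes: int, additional: bytes = b"") -> bytes:
        """Return n_bytes of output; refuse to run past the reseed interval."""
        if self._reseed_counter > self._reseed_interval:
            raise RuntimeError("reseed required before generating more output")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n_bytes:
            self._v = self._hmac(self._v)
            out += self._v
        self._update(additional)
        self._reseed_counter += 1
        return out[:n_bytes]


def nondeterministic_bytes(n: int) -> bytes:
    """Stand-in for the nondeterministic (non-Approved) RNG: the OS entropy pool."""
    return os.urandom(n)


def make_key_generator() -> HmacDrbg:
    """Seed the deterministic generator from the nondeterministic source."""
    return HmacDrbg(entropy=nondeterministic_bytes(OUTLEN),
                    nonce=nondeterministic_bytes(OUTLEN // 2),
                    personalization=b"example-key-generator")  # assumed label


def generate_key(drbg: HmacDrbg, bits: int = 256) -> bytes:
    """Keys come only from the deterministic generator's output."""
    return drbg.generate(bits // 8)


def generate_iv(block_bytes: int = 16) -> bytes:
    """IVs may be taken straight from the nondeterministic RNG."""
    return nondeterministic_bytes(block_bytes)


if __name__ == "__main__":
    drbg = make_key_generator()
    print("key:", generate_key(drbg).hex())
    print("iv: ", generate_iv().hex())
```

The point the example makes is the one Travis raised and ASK answered: because every bit of key material passes through the deterministic stage, a tester can instantiate it with a fixed seed and nonce and compare its output against known answers, while the nondeterministic source is only ever asked for seed material and IVs.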