Nicolas Williams <nicolas.willi...@oracle.com> writes:

> Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
> testing and certification could be feasible?

On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann responded:

> No. If you choose your eval lab carefully you can sneak in a TRNG
> somewhere as input to your PRNG

Peter, I'm sorry, but this dances on the edge of "obviously factually incorrect".

Could there be some lab / tester who doesn't like just about everything? I suppose so, but that's more a consequence of the somewhat bizarre FIPS 140 testing arrangement than what NIST thinks the standard says.

The fact is that all of the approved deterministic RNGs have places that you are expected to use to seed the generator. The text of the standard explicitly states that you can use non-approved non-deterministic RNGs to seed your approved deterministic RNG.

It's an even better situation if you look at the modern deterministic RNGs described in NIST SP800-90. (You'll want to use these, anyway. They are better designs and last I heard, NIST was planning on retiring the other approved deterministic RNGs.) Every design in SP800-90 requires that your initial seed is appropriately large and unpredictable, and the designs all allow (indeed, require!) periodic reseeding in similarly reasonable ways.

Nicolas Williams <nicolas.willi...@oracle.com> writes:

> I'm thinking of a system where a deterministic (seeded) RNG and
> non-deterministic RNG are used to generate a seed for a deterministic RNG

This is explicitly allowed within the standard. You will have to argue that the strength of this seed is appropriate to support the key generation that you perform. To be clear, there are other requirements (continuous RNG test, etc), but the basic idea you outlined is directly allowed by the text of the standard.

On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:

> That's the sensible way of doing it, but will probably be disallowed
> by the FIPS lab.

From the second paragraph of section 4.7.1 in FIPS 140-2: "Commercially available nondeterministic RNGs may be used for the purpose of generating seeds for Approved deterministic RNGs."

Josh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
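The arrangement the thread discusses, as an added example that is not part of the post or of any project: an SP 800-90A HMAC_DRBG (SHA-256) whose seed and reseed material come from a nondeterministic source that is itself run under a FIPS 140-2 section 4.9.2 style continuous test. In this example os.urandom stands in for a hardware TRNG and the reseed interval is an assumed small value; both are assumptions, not anything the thread specifies.

```python
import hashlib
import hmac
import os

def H(key: bytes, msg: bytes) -> bytes:  # HMAC-SHA256, 32-byte output
    return hmac.new(key, msg, hashlib.sha256).digest()

class HmacDrbg:  # HMAC_DRBG from NIST SP 800-90A with SHA-256; seed material comes from the caller
    RESEED_INTERVAL = 1000  # SP 800-90A allows up to 2**48 requests; kept small for illustration

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _update(self, data: bytes) -> None:  # HMAC_DRBG_Update: fold data into the (K, V) state
        self.K = H(self.K, self.V + b"\x00" + data)
        self.V = H(self.K, self.V)
        if data:
            self.K = H(self.K, self.V + b"\x01" + data)
            self.V = H(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)  # periodic reseeding from the nondeterministic source
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < nbytes:
            self.V = H(self.K, self.V)
            out += self.V
        self._update(additional)
        self.reseed_counter += 1
        return out[:nbytes]

def seed_from_trng(nbytes: int = 32, block: int = 16, source=os.urandom) -> bytes:
    """Gather seed material from a nondeterministic source under the FIPS 140-2 4.9.2 continuous test.
    os.urandom stands in for a hardware TRNG here (an assumption of this example)."""
    prev = source(block)  # the first block after start-up is held back for comparison only
    out = b""
    while len(out) < nbytes:
        cur = source(block)
        if cur == prev:  # continuous test: two consecutive blocks must never be equal
            raise RuntimeError("continuous RNG test failed: entropy source looks stuck")
        out, prev = out + cur, cur
    return out[:nbytes]
```

Instantiating with HmacDrbg(seed_from_trng(32), nonce=os.urandom(16)) is the "nondeterministic RNG seeds the Approved deterministic RNG" arrangement section 4.7.1 permits; whether that seed's strength is adequate for the keys generated from it is still the argument the evaluation has to make.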