Thor Lancelot Simon <t...@panix.com> writes:

>On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:
>> No. If you choose your eval lab carefully you can sneak in a TRNG somewhere
>> as input to your PRNG, but you can't get a TRNG certified, and if you're
>> unlucky you won't be allowed to use a TRNG at all.
>
>I am surprised you'd have trouble with this at any lab.

As a general rule for FIPS 140, *anything* can be a problem at *any* lab. This case seems to be particularly ambiguous, with labs interpreting it in a variety of different ways (this is both from evals I've been part of and from talking to other people who've had stuff evaluated). For example the OpenSSL guys had to remove fork-protection from their RNG at the request of the lab. I didn't, but that's because I didn't document it as being present, and if they don't read about it they can't object to it. (It's kind of depressing that engineering a properly secure system requires gaming the arbitrary requirements in the certification process).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List