The fact that something occurs routinely doesn't actually make it a good idea. I've seen stuff in FIPS 140 evaluations that makes my skin crawl.
This is CRI, so I'm fairly confident nobody is cutting corners. But that doesn't mean the practice is a good one. On Jun 18, 2012, at 5:52 AM, Paweł Krawczyk <pawel.krawc...@hush.com> wrote: > Well, who otherwise should pay for that? Consumer Federation of America? > It's quite normal practice for a vendor to contract a 3rd party that > performs a security assessment or penetration test. If you are a smartcard > vendor it's also you who pays for Common Criteria certification of your > product. > > -----Original Message----- > From: cryptography-boun...@randombit.net > [mailto:cryptography-boun...@randombit.net] On Behalf Of Francois Grieu > Sent: Monday, June 18, 2012 11:04 AM > To: cryptography@randombit.net > Subject: Re: [cryptography] Intel RNG > > d...@deadhat.com wrote: > >> CRI has published an independent review of the RNG behind the RdRand >> instruction: >> http://www.cryptography.com/public/pdf/Intel_TRNG_Report_20120312.pdf > > where *independent* is to be taken as per this quote: > "This report was prepared by Cryptography Research, Inc. (CRI) > under contract to Intel Corporation" > > Francois Grieu > > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > > > > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
