On Tue, Apr 28, 2009 at 6:02 PM, <ksreedha...@gmail.com> wrote: > > For FIPS, Continuous RNG test should be performed on approved or non > approved RNG that are used. > > If I understand correctly, NSS uses /dev/urandom as entropy source but > it does not generate the random number twice from /dev/urandom and > compare them right.
Right, but this is because the continuout RNG test requirement does not apply to entropy sources. Many entropy sources aren't RNGs. Please see the following for more info on the RNG in the NSS crypto module and its entropy sources: https://wiki.mozilla.org/VE_07KeyMgmt#Random_Number_Generator https://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation In any case, the continuous RNG test is performed by the crypto module itself, rather than by the user of the crypto module. So you don't need to perform the continuous RNG test. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto