David Ahrens <[EMAIL PROTECTED]>:
> Does anyone know if the pseudo random number generator in openssl is
> FIPS-140 compliant?
It doesn't do power-up self tests, so it can't be. If you happen to
be a federal agency, I recommend you stay away from it.
Seriously though, if you want to implement the simple statistical
tests given in FIPS PUB 140-1, then a small Perl script for examining
the output of "openssl rand 25000" should be enough.
However the PRNG makes extensive use of hash functions, and
even if it were weak you could not expect the FIPS PUB 140-1
tests to detect the weakness; the test makes more sense when
applied to PRNGs implemented in hardware (where one of the
data lines might be defective or something like that).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
