Re: non-approved PRNG in FIPS mode
Thanks Wan-Teh for the reply. In the link you have sent it is stated that, The initial value of XKEY is derived using the following procedure. We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom. So, system random number generator (which is used for seed) is not FIPS approved RNG and continuous tests have to be performed on this right. Thanks, Sreedhar On Apr 28, 9:41 pm, Wan-Teh Chang w...@google.com wrote: On Tue, Apr 28, 2009 at 6:02 PM, ksreedha...@gmail.com wrote: For FIPS, Continuous RNG test should be performed on approved or non approved RNG that are used. If I understand correctly, NSS uses /dev/urandom as entropy source but it does not generate the random number twice from /dev/urandom and compare them right. Right, but this is because the continuout RNG test requirement does not apply to entropy sources. Many entropy sources aren't RNGs. Please see the following for more info on the RNG in the NSS crypto module and its entropy sources:https://wiki.mozilla.org/VE_07KeyMgmt#Random_Number_Generatorhttps://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation In any case, the continuous RNG test is performed by the crypto module itself, rather than by the user of the crypto module. So you don't need to perform the continuous RNG test. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: non-approved PRNG in FIPS mode
On Wed, Apr 29, 2009 at 4:01 PM, ksreedha...@gmail.com wrote: In the link you have sent it is stated that, The initial value of XKEY is derived using the following procedure. We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom. So, system random number generator (which is used for seed) is not FIPS approved RNG and continuous tests have to be performed on this right. No. We use /dev/urandom as an entropy source, not as an RNG. The fact that /dev/urandom is an RNG is irrelevant here. The continuous RNG test does not apply to entropy sources. To see this point, consider the other entropy sources we use, such as the current timestamp and the names, values, and memory addresses of all the environment variables. It should be clear that the continuous RNG test cannot be applied to entropy sources. Finally, I want to reiterate what I said in my previous reply: ... the continuous RNG test is performed by the crypto module itself, rather than by the user of the crypto module. So you don't need to perform the continuous RNG test. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: non-approved PRNG in FIPS mode
Hello Nelson, I didn't frame my original question correctly. For FIPS, Continuous RNG test should be performed on approved or non approved RNG that are used. If I understand correctly, NSS uses /dev/urandom as entropy source but it does not generate the random number twice from /dev/urandom and compare them right. Is my understanding correct in which case, I may have to do these tests myself. Thanks, Sreedhar On Apr 24, 2:10 pm, Nelson B Bolyard nel...@bolyard.me wrote: ksreedha...@gmail.com wrote, On 2009-04-24 14:04: Hello, I am using NSS 3.11.4 and NSPR 4.6.4 Will the non-approved PRNG of NSS be functional/usable when NSS is in FIPS mode. What non-approved PRNG of NSS ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: non-approved PRNG in FIPS mode
On Tue, Apr 28, 2009 at 6:02 PM, ksreedha...@gmail.com wrote: For FIPS, Continuous RNG test should be performed on approved or non approved RNG that are used. If I understand correctly, NSS uses /dev/urandom as entropy source but it does not generate the random number twice from /dev/urandom and compare them right. Right, but this is because the continuout RNG test requirement does not apply to entropy sources. Many entropy sources aren't RNGs. Please see the following for more info on the RNG in the NSS crypto module and its entropy sources: https://wiki.mozilla.org/VE_07KeyMgmt#Random_Number_Generator https://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation In any case, the continuous RNG test is performed by the crypto module itself, rather than by the user of the crypto module. So you don't need to perform the continuous RNG test. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
non-approved PRNG in FIPS mode
Hello, I am using NSS 3.11.4 and NSPR 4.6.4 Will the non-approved PRNG of NSS be functional/usable when NSS is in FIPS mode. Thanks, Sreedhar -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: non-approved PRNG in FIPS mode
ksreedha...@gmail.com wrote, On 2009-04-24 14:04: Hello, I am using NSS 3.11.4 and NSPR 4.6.4 Will the non-approved PRNG of NSS be functional/usable when NSS is in FIPS mode. What non-approved PRNG of NSS ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto