Adam Back wrote:
About the criticisms of Common Critera evaluation in general, I think
why people complain it is a documentation exercise is because pretty
much all it does ensure that it does what it says it does. So
basically you have to enumerates threats, state what threats the
system is
Thor Lancelot Simon [EMAIL PROTECTED] writes:
On Tue, Dec 26, 2006 at 05:36:42PM +1300, Peter Gutmann wrote:
In addition I've heard of evaluations where the generator is required to use
a
monotonically increasing counter (clock value) as the seed, so you can't just
use the PRNG as a
Ben Laurie [EMAIL PROTECTED] writes:
While we're at it, an amusing fact I learnt about FIPS-140 while I was
implementing it for OpenSSL is that some of the Monte Carlo tests have output
that's independent of the input.
Did you also notice that the MCT test vectors published in The Random Number
Peter Gutmann wrote:
Ben Laurie [EMAIL PROTECTED] writes:
While we're at it, an amusing fact I learnt about FIPS-140 while I was
implementing it for OpenSSL is that some of the Monte Carlo tests have output
that's independent of the input.
Did you also notice that the MCT test vectors
On 27 Dec 2006 14:10:10 -0500, Thor Lancelot Simon wrote:
On Tue, Dec 26, 2006 at 05:36:42PM +1300, Peter Gutmann wrote:
In addition I've heard of evaluations where the generator is required to use
a
monotonically increasing counter (clock value) as the seed, so you can't just
use the PRNG
On Tue, Dec 26, 2006 at 05:36:42PM +1300, Peter Gutmann wrote:
In addition I've heard of evaluations where the generator is required to use a
monotonically increasing counter (clock value) as the seed, so you can't just
use the PRNG as a postprocessor for an entropy polling mechanism. Then
On 22 Dec 2006 11:43:58 -0500, Perry E. Metzger wrote:
[I was asked to forward this anonymously. --Perry]
From: [Name Withheld]
To: cryptography@metzdowd.com
Subject: Re: How important is FIPS 140-2 Level 1 cert?
Paul Hoffman [EMAIL PROTECTED] wrote:
At 11:25 AM -0500 12/21/06, Saqib
Leichter, Jerry [EMAIL PROTECTED] writes:
| From: [Name Withheld]
| Actually you cant even guarantee that because the FIPS 140 requirements
| for the ANSI X9.17/X9.31 PRNG include a pile of oddball things that made
| sense for the original X9.17 use (where it was assumed the only source
| of
Anoymous wrote:
[criticizing FIPS CRNGs]
You can make a secure CRNG that you can obtain FIPS 140 certification
on using the FIPS 186-2 appendix 3.1 (one of my clients got FIPS 140
on an implementation of the FIPS 186-2 RNG that I implemented for
general key generation and such crypto use.)
You
restrictions on current implementations. As a result a FIPS 140-
certified key generator will be worse than a well-designed non-FIPS-140
one because the FIPS requirements prevent you from doing several things
that would improve the functioning like injecting extra entropy into the
generator
| From: [Name Withheld]
| To: cryptography@metzdowd.com
| Subject: Re: How important is FIPS 140-2 Level 1 cert?
|
| Paul Hoffman [EMAIL PROTECTED] wrote:
|
| At 11:25 AM -0500 12/21/06, Saqib Ali wrote:
| If two products have exactly same feature set, but one is FIPS 140-2
| Level 1
At 11:25 AM -0500 12/21/06, Saqib Ali wrote:
I would like to know how much weight people usually give to the FIPS
140-2 Level 1 certification.
US federal agencies are supposed to require that certification for
any system they buy that uses crypto.
Sometimes, US state agencies require it as
Assuming that the two products use Internet protocols (as compared to
proprietary protocols):
I don't understand this statement. What do you mean by internet
protocol vs proprietary protocol???
And also we are looking at FDE solutions, so there are no internet
protocols involved in that.
no.
At 8:15 PM -0500 12/21/06, Saqib Ali wrote:
Assuming that the two products use Internet protocols (as compared to
proprietary protocols):
I don't understand this statement. What do you mean by internet
protocol vs proprietary protocol???
Now seeing what your company does, I can see where you
[I was asked to forward this anonymously. --Perry]
From: [Name Withheld]
To: cryptography@metzdowd.com
Subject: Re: How important is FIPS 140-2 Level 1 cert?
Paul Hoffman [EMAIL PROTECTED] wrote:
At 11:25 AM -0500 12/21/06, Saqib Ali wrote:
If two products have exactly same feature set
15 matches
Mail list logo