Re: [openssl-dev] DRBG entropy

2016-08-01 Thread John Denker
On 08/01/2016 02:17 AM, Leon Brits wrote: > Am I correct to state that for a tested entropy source of 2b/B and > the same assumptions as in the paragraph, I need to return 8 blocks > of 16B each in my get_entropy() callback? No, that is not correct, for the reasons previously explained. > Again

Re: [openssl-dev] DRBG entropy

2016-08-01 Thread Leon Brits
Kurt, > -Original Message- > From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of > Kurt Roeckx > Sent: 30 July 2016 12:19 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] DRBG entropy > Have you tried running NIST's software

Re: [openssl-dev] DRBG entropy

2016-07-29 Thread Kurt Roeckx
On Thu, Jul 28, 2016 at 09:08:32AM -0700, John Denker wrote: > > That means the chip design is broken in ways that the manufacturer > does not understand. The mfgr data indicates it "should" be much > better than that: > http://www.fdk.com/cyber-e/pdf/HM-RAE103.pdf Reading that, you don't

Re: [openssl-dev] DRBG entropy

2016-07-29 Thread Kurt Roeckx
On Thu, Jul 28, 2016 at 03:40:38PM -0700, Paul Dale wrote: > I probably should have mentioned this in my earlier message, but the > exponential example is valid for the NSIT SP800-90B non-IID tests too: > 5.74889 bits per byte of assessed entropy. Again about as good a result as > the tests

Re: [openssl-dev] DRBG entropy

2016-07-29 Thread John Denker
In the context of: >> I have a chip (FDK RPG100) that generates randomness, but the >> SP800-90B python test suite indicated that the chip only provides >> 2.35 bits/byte of entropy On 07/28/2016 09:08 AM, I wrote: > That means the chip design is broken in ways that the manufacturer > does not

Re: [openssl-dev] DRBG entropy

2016-07-29 Thread Leon Brits
John, > Let's play a guessing game. I provide a hardware-based random number > generator of my choosing. It produces a stream of bytes. It has an > entropy density greater than 2.35 bits per byte. This claim is consistent > with all the usual tests, but it is also more than that; it is not

Re: [openssl-dev] DRBG entropy

2016-07-29 Thread Leon Brits
Paul, > I probably should have mentioned this in my earlier message, but the > exponential example is valid for the NSIT SP800-90B non-IID tests too: > 5.74889 bits per byte of assessed entropy. Again about as good a result > as the tests will ever produce given the ceiling of six on the output.

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Paul Dale
2016 8:31 AM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] DRBG entropy On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote: > John's spot on the mark here. Testing gives a maximum entropy not a minimum. > While a maximum is certainly useful, it isn't what you r

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Kurt Roeckx
On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote: > John's spot on the mark here. Testing gives a maximum entropy not a minimum. > While a maximum is certainly useful, it isn't what you really need to > guarantee your seeding. Fom what I've read, some of the non-IID tests actually

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread John Denker
Let's play a guessing game. I provide a hardware-based random number generator of my choosing. It produces a stream of bytes. It has an entropy density greater than 2.35 bits per byte. This claim is consistent with all the usual tests, but it is also more than that; it is not just "apparent"

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Short, Todd
See: https://tools.ietf.org/html/rfc4086 Section 4 suggests ways to de-skew. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." > On Jul 28, 2016, at 6:51 AM, Hubert Kario wrote: > > On Wednesday, 27 July 2016 15:23:21 CEST

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Hubert Kario
On Wednesday, 27 July 2016 15:23:21 CEST Leon Brits wrote: > John, > > Thanks for your reply. > > The SP800-90B test has different types of test but the test with the lowest > output is used as the maximum entropy capability of the chip. That is how I > understand it from the FIPS lab. > > For

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Leon Brits
28 July 2016 02:33 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] DRBG entropy > > John's spot on the mark here. Testing gives a maximum entropy not a > minimum. While a maximum is certainly useful, it isn't what you really > need to guarantee your seeding. > > A

Re: [openssl-dev] DRBG entropy

2016-07-27 Thread Paul Dale
tion Phone +61 7 3031 7217 Oracle Australia -Original Message- From: John Denker [mailto:s...@av8n.com] Sent: Wednesday, 27 July 2016 11:40 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] DRBG entropy On 07/27/2016 05:13 AM, Leon Brits wrote: > > I have a chip (FDK RPG100) that gene

Re: [openssl-dev] DRBG entropy

2016-07-27 Thread Leon Brits
John, Thanks for your reply. The SP800-90B test has different types of test but the test with the lowest output is used as the maximum entropy capability of the chip. That is how I understand it from the FIPS lab. For the FIPS validation, using a NDRNG, that source must feed the DRBG directly

Re: [openssl-dev] DRBG entropy

2016-07-27 Thread John Denker
On 07/27/2016 05:13 AM, Leon Brits wrote: > > I have a chip (FDK RPG100) that generates randomness, but the > SP800-90B python test suite indicated that the chip only provides > 2.35 bits/byte of entropy. According to FIPS test lab the lowest > value from all the tests are used as the entropy and

[openssl-dev] DRBG entropy

2016-07-27 Thread Leon Brits
Hi all, I have a chip (FDK RPG100) that generates randomness, but the SP800-90B python test suite indicated that the chip only provides 2.35 bits/byte of entropy. According to FIPS test lab the lowest value from all the tests are used as the entropy and 2 is too low. I must however make use of