----- Original Message -----
From: "Bob Baldwin PlusFive" <[EMAIL PROTECTED]>
To: "Tim Dierks" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 22, 2003 1:00 PM
Subject: Re: PRNG design document?

> Tim,
> One issue to consider is whether the system
> that includes the PRNG will ever need a FIPS-140-2
> rating.
> [...]

As you mentioned, the FIPS-140-2 approved PRNGs are deterministic: they take a random seed and extend it to more random bytes. But FIPS-140-2 has no provision for generating the seed in the first place; this is where something like Yarrow or the cryptlib RNG comes in handy.

So if you want FIPS-140-2 compliance, generate a seed using something based on Yarrow or the cryptlib RNG (or, if you have a good hardware RNG, use that to generate the seed), and then apply a FIPS approved PRNG to the seed.

NIST should really approve something like Yarrow or Peter Gutmann's design...

--Anton
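The two-stage design described above (collect a seed non-deterministically, then expand it with an approved deterministic generator), as an added example that is not part of the original thread: stage 1 is a simplified Yarrow-style entropy pool of my own (an assumed design, not Yarrow or cryptlib), stage 2 is HMAC_DRBG from NIST SP 800-90A, which postdates this 2003 message but is the HMAC-based deterministic generator approved under FIPS 140 today; the sample inputs and entropy estimates are constructed, not measured.

```python
import hashlib
import hmac


def _mac(key, data): return hmac.new(key, data, hashlib.sha256).digest()


class EntropyAccumulator:
    """Stage 1: simplified Yarrow-style pool (assumed design, not Yarrow itself)."""
    def __init__(self, required_bits=256):
        self.required_bits, self.estimated_bits = required_bits, 0
        self.pool = hashlib.sha256()

    def add_sample(self, source, data, estimated_bits):
        # Length-prefix label and data so distinct samples never hash the same way
        self.pool.update(source.encode() + len(data).to_bytes(4, "big") + data)
        self.estimated_bits += estimated_bits

    def extract_seed(self):
        if self.estimated_bits < self.required_bits:
            raise RuntimeError("pool has not accumulated enough entropy to seed")
        seed = self.pool.digest()
        self.pool, self.estimated_bits = hashlib.sha256(seed), 0  # carry state on
        return seed


class HmacDrbg:
    """Stage 2: HMAC_DRBG (NIST SP 800-90A, SHA-256); reseed counter omitted."""
    def __init__(self, seed_material):
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(seed_material)

    def _update(self, provided=b""):
        self.K = _mac(self.K, self.V + b"\x00" + provided)
        self.V = _mac(self.K, self.V)
        if provided:  # second round only when fresh material was supplied
            self.K = _mac(self.K, self.V + b"\x01" + provided)
            self.V = _mac(self.K, self.V)

    def generate(self, n):
        out = b""
        while len(out) < n:
            self.V = _mac(self.K, self.V)
            out += self.V
        self._update()  # refresh K and V after every call (backtracking resistance)
        return out[:n]


def drbg_from_samples(samples, required_bits=256):
    acc = EntropyAccumulator(required_bits)
    for source, data, bits in samples:
        acc.add_sample(source, data, bits)
    return HmacDrbg(acc.extract_seed())
```

The accumulator refuses to hand out a seed until its entropy estimate reaches the target, which is the check FIPS-140-2 itself leaves unspecified.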
