Anton Stiglic wrote:
> ----- Original Message -----
> From: "Bob Baldwin PlusFive" <[EMAIL PROTECTED]>
> To: "Tim Dierks" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, August 22, 2003 1:00 PM
> Subject: Re: PRNG design document?
>
>
>> Tim,
>> One issue to consider is whether the system
>> that includes the PRNG will ever need a FIPS-140-2
>> rating.
>> [...]
>
>
> As you mentioned, the FIPS-140-2 approved PRNGs
> are deterministic: they take a random seed and extend it
> to more random bytes. But FIPS-140-2 has no
> provision for generating the seed in the first place;
> this is where something like Yarrow or the cryptlib
> RNG come in handy.
Actually, FIPS-140 _does_ have provision for seeding, at least for X9.17 (you use the time :-), but not for keying.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
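The X9.17 generator the two messages are talking about, written out as an added example (not code from the thread or from any of the projects named in it): the clock supplies the date/time vector DT, which is the "seeding" Ben refers to, while the 3DES key K and the initial state V still have to come from somewhere else, which is the gap Anton points at. The two-key 3DES expansion K1||K2||K1 is an assumption about the keying option; the key and seed values in the test are constructed.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"time"
)

// X917 is the ANSI X9.17 Appendix C generator: secret 3DES key K, state V,
// date/time DT. I = E_K(DT); output R = E_K(I xor V); next V' = E_K(R xor I).
type X917 struct {
	blk cipher.Block
	v   [8]byte
}

// NewX917 expands a two-key 3DES key to K1||K2||K1 (assumed keying option).
func NewX917(key [16]byte, seed [8]byte) (*X917, error) {
	k := append(append(append([]byte{}, key[:8]...), key[8:]...), key[:8]...)
	blk, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	return &X917{blk: blk, v: seed}, nil
}

func xor8(a, b [8]byte) (out [8]byte) {
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return
}

// Next returns one 8-byte output block for dt and advances the state V.
func (g *X917) Next(dt [8]byte) (r [8]byte) {
	var i, t, v [8]byte
	g.blk.Encrypt(i[:], dt[:])
	t = xor8(i, g.v)
	g.blk.Encrypt(r[:], t[:])
	t = xor8(r, i)
	g.blk.Encrypt(v[:], t[:])
	g.v = v
	return r
}

// DTNow is the seeding FIPS 140 does provide: the clock. K and V still need
// a source of their own; a predictable DT adds no secrecy by itself.
func DTNow() (dt [8]byte) {
	binary.BigEndian.PutUint64(dt[:], uint64(time.Now().UnixNano()))
	return
}
```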
