Nicolas Williams <[email protected]> writes: >Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that >testing and certification could be feasible?
No. If you choose your eval lab carefully you can sneak in a TRNG somewhere as input to your PRNG, but you can't get a TRNG certified, and if you're unlucky you won't be allowed to use a TRNG at all. >I'm thinking of a system where a deterministic (seeded) RNG and non- >deterministic RNG are used to generate a seed for a deterministic RNG That's the sensible way of doing it, but will probably be disallowed by the FIPS lab. In my case I slipped one in through (a) careful choice of lab and (b) defining the date-time vector DT to be "a hash of the date and time and miscellaneous other information" where "hash" was "PRF" and "other information" was the actual entropy input. YMMV based on lab, evaluator, phase of the moon, and hash of the date and time. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
