On Monday, 2 December 2013, 23:16:28, [email protected] wrote:

Hi dj,

> > the work that you have done to make hardware entropy sources readily
> > available in Intel chips should be commended, and I certainly
> > appreciate it. I will however continue to complain until it is even
> > better, with configurable access to the raw entropy samples for those
> > who wish to evaluate or run the TRNG in this mode.
>
> I'm currently arguing with NIST about their specifications which make it
> hard to provide raw entropy while being FIPS 140-2 and NIST SP800-90

Interesting: I have the same type of discussion (SP800-90B) to prepare (and
even went through it -- see [1]) and I do not see it that problematic, if you
have the right hooks into your noise source implementation (and I could
imagine that this is a challenge with the current RDSEED/RDRAND
implementation).

> compliant. If I had a free hand, it would not be a configuration.
> Configurations suck in numerous ways. It would just be there.

This is not acceptable for many. When you are involved in the Intel RNG
development, you may have insights. But I do not. And I trust that some
three-letter agencies are able to fumble with a large US vendor's
implementation of a noise source (considering that they could hide their
backdoored DRBG in plain sight for quite some time).

> Chip design is a slow process. Standards writing is a slow process,
> especially when NIST is involved. When one depends on the other it is even
> slower. So don't hold your breath waiting for anything to happen.
>
> Feel free to lean on NIST. I notice that they haven't even published the
> public comments yet. The comment period for SP800-90 ended over three
> weeks ago.

Maybe they got quite a few (including from me)?

> The AES and SHA-3 competitions were not like this, even though RNGs are
> less glitzy, they are a more fundamental security feature but they're
> getting less attention from NIST.

I spoke with several NIST folks involved in the RNG process in September. And
they are not ignorant. Therefore, I would not suggest that we imply anything
here!

[1] https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html

Ciao
Stephan
--
| Cui bono? |
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
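The exchange above is about exposing raw noise-source samples so that an evaluator can assess them under SP 800-90B. As an added example that is not part of the original message, and not code from Intel, dj, Stephan or NIST, the following Python implements two of the checks an evaluator would run on such raw samples once a TRNG exposes them: the Most Common Value min-entropy estimator (SP 800-90B section 6.3.1) and the Repetition Count health test (section 4.4.1). The biased bit stream is constructed inline as a stand-in for a noise source; its bias of 0.75 is an assumption chosen for illustration, not a property of any real hardware.

```python
"""Min-entropy estimate and repetition-count health test for raw samples.

Illustrative code written for this page; it is not from Intel, the Linux
RNG, or NIST. The formulas follow NIST SP 800-90B (MCV estimator, 6.3.1;
Repetition Count Test, 4.4.1). The sample source below is constructed.
"""
import math
import random

# z-score for the 99% upper confidence bound prescribed by SP 800-90B 6.3.1
Z_99 = 2.576


def most_common_value_estimate(samples):
    """Most Common Value estimator: return (p_u, H_min) per sample.

    p_hat = frequency of the most frequent value in the sample set
    p_u   = min(1, p_hat + 2.576 * sqrt(p_hat * (1 - p_hat) / (L - 1)))
    H_min = -log2(p_u)

    This is the most conservative quick look at raw samples: it only
    counts how often the single most common value appears.
    """
    L = len(samples)
    if L < 2:
        raise ValueError("need at least two samples")
    counts = {}
    for s in samples:
        counts[s] = counts.get(s, 0) + 1
    p_hat = max(counts.values()) / L
    p_u = min(1.0, p_hat + Z_99 * math.sqrt(p_hat * (1.0 - p_hat) / (L - 1)))
    return p_u, -math.log2(p_u)


def repetition_count_test(samples, h_min, alpha_log2=20):
    """Repetition Count Test (SP 800-90B 4.4.1) over a stream of samples.

    cutoff C = 1 + ceil(-log2(alpha) / H_min), with alpha = 2**-alpha_log2
    (alpha = 2^-20 is the false-positive rate recommended by the standard).
    The test fails if any value repeats C or more times in a row, which is
    the classic "stuck noise source" failure a health test must catch.
    Returns (passed, longest_run, cutoff).
    """
    if h_min <= 0:
        raise ValueError("h_min must be positive")
    cutoff = 1 + math.ceil(alpha_log2 / h_min)
    longest = 0
    run = 0
    prev = None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run > longest:
            longest = run
    return longest < cutoff, longest, cutoff


def biased_bit_source(n, p_one, seed=1):
    """Constructed stand-in for a raw noise source (assumption, not hardware).

    Emits n bits, each 1 with probability p_one, from a seeded PRNG so the
    run is reproducible. A real evaluation would read raw samples from the
    device instead.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    raw = biased_bit_source(100_000, p_one=0.75)
    p_u, h = most_common_value_estimate(raw)
    ok, longest, cutoff = repetition_count_test(raw, h)
    print(f"MCV: p_u={p_u:.4f}  H_min={h:.3f} bits/sample")
    print(f"RCT: longest run={longest}  cutoff={cutoff}  pass={ok}")
```

For a source biased 3:1 towards one value the MCV estimate lands near 0.4 bits per sample, which is the kind of number a conditioner design has to be sized against; a stuck source (every sample identical) yields p_u = 1 and therefore zero estimated entropy, and the repetition count test rejects it long before enough samples accumulate for an estimator.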
