Thanks David. If I use the default DRBG, do I need to set the entropy?
-Karan

On Wed, Sep 25, 2013 at 9:34 AM, David Jacobson <[email protected]> wrote:

> According to FIPS 140, the continuous test fails if two consecutive values
> from the RNG are the same. No matter how strange or low-entropy the
> seeding, this should happen only with vanishingly small probability. So
> something is seriously wrong. You absolutely should not try to work around
> this. You must find the root cause and fix it.
>
> Also you imply that this is repeatable. Are the failures exactly
> repeatable? If so, this would suggest that you have no entropy at all.
>
> --David
>
> On 9/24/13 2:23 PM, karanpopali wrote:
>
>> I'm using FIPS OpenSSL on Android and FIPS_rand_bytes() fails the
>> continuous test after some time. I read in the SecurityPolicy that if it
>> fails then we need to uninstantiate and re-instantiate the DRBG.
>>
>> Few questions:
>> 1. Is there any way to avoid this? Will using HMAC DRBG or Hash DRBG help?
>> 2. Is this a FATAL error?
>> 3. If we hit this error, do we need to restart the process or just
>> uninstantiate/re-instantiate is enough?
>>
>> Version info:
>> FIPS canister: 2.0.1
>> OpenSSL: 1.0.1c
>>
>> Thanks,
>> Karan
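
The continuous test David describes in the quoted reply, sketched in C as an added example that is not part of the thread and is not the OpenSSL FIPS module's code. All names here (`crngt_ctx`, `crngt_next`, `demo_block`, `blocks_until_failure`) and the 16-byte block size are assumptions, and the source is a constructed stand-in generator whose state stops advancing after a chosen number of blocks, so the check can be seen to trip and stay tripped.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK_LEN 16 /* assumed block size for this sketch */

/* Hypothetical source callback: fills one block, returns 1 on success. */
typedef int (*block_fn)(void *state, uint8_t out[BLOCK_LEN]);

typedef struct {
    block_fn source; void *state;
    uint8_t last[BLOCK_LEN];
    int have_last, failed;          /* failed is sticky until crngt_init() */
} crngt_ctx;

void crngt_init(crngt_ctx *c, block_fn src, void *state) {
    memset(c, 0, sizeof *c);
    c->source = src; c->state = state;
}

/* Returns 1 and writes one block, or 0 once the continuous test has failed. */
int crngt_next(crngt_ctx *c, uint8_t out[BLOCK_LEN]) {
    uint8_t cur[BLOCK_LEN];
    if (c->failed) return 0;
    if (!c->have_last) {            /* first block is kept only for comparison */
        if (!c->source(c->state, c->last)) { c->failed = 1; return 0; }
        c->have_last = 1;
    }
    if (!c->source(c->state, cur) || memcmp(cur, c->last, BLOCK_LEN) == 0) {
        c->failed = 1;              /* two consecutive blocks were identical */
        return 0;
    }
    memcpy(c->last, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 1;
}

/* Constructed stand-in source (xorshift64, NOT a DRBG) whose state
 * stops advancing after `stuck_after` blocks, simulating a fault. */
typedef struct { uint64_t s; unsigned calls, stuck_after; } demo_src;

int demo_block(void *p, uint8_t out[BLOCK_LEN]) {
    demo_src *d = p;
    uint64_t x = d->s;
    for (int i = 0; i < BLOCK_LEN; i += 8) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        memcpy(out + i, &x, 8);
    }
    if (d->calls++ < d->stuck_after) d->s = x;   /* frozen once stuck */
    return 1;
}

/* Blocks delivered before the wrapper refuses to continue (capped at max). */
unsigned blocks_until_failure(unsigned stuck_after, unsigned max) {
    demo_src d = { 0x9E3779B97F4A7C15ULL, 0, stuck_after };
    crngt_ctx c; uint8_t out[BLOCK_LEN]; unsigned n = 0;
    crngt_init(&c, demo_block, &d);
    while (n < max && crngt_next(&c, out)) n++;
    return n;
}
```

A source that keeps advancing passes indefinitely; the failure appears only on the first repeated block after the source's state stops changing.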
