On Fri, Dec 14, 2007 at 01:27:57PM -0500, Thor Lancelot Simon wrote:
> The PRNG test which requires DT to be run as a monotonic counter is, in
> fact, a known-answer test.
The variable seed test portion of CAVS testing specifies a DT of 0 in
all cases and only one round is run for each seed, so
On Thu, Dec 13, 2007 at 08:29:47PM -0500, Thor Lancelot Simon wrote:
> In fact, I was in the middle of a FIPS-140 certification at level 2
> a number of years ago when the Known Answer Test for the X9.17 block
> cipher based PRNG was introduced. One unanticipated side effect of
> this test was to
On Fri, Dec 14, 2007 at 08:33:16AM -0800, Joshua Hill wrote:
>
> You may be confusing the requirements for a KAT which is a power-up health
> check on all of the deterministic components of the PRNG (which is run on
> power-up and requires that you fix all the inputs to some specific known
> value
On Tue, Dec 11, 2007 at 04:00:42PM -0500, Leichter, Jerry wrote:
> | > It is, of course, the height of irony that the bug was introduced in
> | > the very process, and for the very purpose, of attaining FIPS
> | > compliance!
> |
> | But also to be expected, because the feature in question is
> |
| > It is, of course, the height of irony that the bug was introduced in
| > the very process, and for the very purpose, of attaining FIPS
| > compliance!
|
| But also to be expected, because the feature in question is
| "unnatural": the software needs a testable PRNG to pass the compliance
| test
On Mon, Dec 10, 2007 at 04:17:38PM -0500, Leichter, Jerry wrote:
> It is, of course, the height of irony that the bug was introduced in the
> very process, and for the very purpose, of attaining FIPS compliance!
But also to be expected, because the feature in question is "unnatural":
the software
| What does it say about the integrity of the FIPS program, and its CMTL
| evaluation process, when it is left to competitors to point out
| non-compliance of evaluated products -- proprietary or open source --
| to basic architectural requirements of the standard?
I was going to ask the same quest
Vin McLellan wrote:
What does it say about the integrity of the FIPS program, and its CMTL
evaluation process, when it is left to competitors to point out
non-compliance of evaluated products -- proprietary or open source -- to
basic architectural requirements of the standard?
Enter Reality
On Mon, 10 Dec 2007 11:27:10 -0500
Vin McLellan <[EMAIL PROTECTED]> wrote:
>
> What does it say about the integrity of the FIPS program, and its
> CMTL evaluation process, when it is left to competitors to point out
> non-compliance of evaluated products -- proprietary or open source --
> to basi
What does it say about the integrity of the FIPS program, and its
CMTL evaluation process, when it is left to competitors to point out
non-compliance of evaluated products -- proprietary or open source --
to basic architectural requirements of the standard?
_Vin
===
Peter Gutmann wrote:
While it's possible to say "There's something we noticed
here in the source code that requires the software to be ejected from the
train", it's a bit harder to say "We spent three months reverse-engineering
someone else's proprietary protected intellectual property and think
Ralf-Philipp Weinmann <[EMAIL PROTECTED]> writes:
>On Dec 3, 2007, at 16:51 , Paul Hoffman wrote:
>> Another interesting part is that open-source systems are much more
>> susceptible to being attacked by competitors (that is, having their
>> validation suspended) than are closed-source systems.
>
>
On Dec 3, 2007, at 16:51 , Paul Hoffman wrote:
At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
I don't know if people have been following this, but it is
interesting
from the point of view of studying how the FIPS process does (or does
not) interact with the underlying goal of producing as
Paul Hoffman <[EMAIL PROTECTED]> writes:
>At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
>>I don't know if people have been following this, but it is interesting
>>from the point of view of studying how the FIPS process does (or does
>>not) interact with the underlying goal of producing assured
At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
I don't know if people have been following this, but it is interesting
from the point of view of studying how the FIPS process does (or does
not) interact with the underlying goal of producing assured systems.
Another interesting part is that op
I don't know if people have been following this, but it is interesting
from the point of view of studying how the FIPS process does (or does
not) interact with the underlying goal of producing assured systems.
Begin Forwarded Message:
Return-Path: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTE
16 matches
Mail list logo