Re: questions about RNGs and FIPS 140

2010-09-07 Thread Thierry Moreau
Ben Laurie wrote: On 27/08/2010 19:38, Joshua Hill wrote: The fact is that all of the approved deterministic RNGs have places that you are expected to use to seed the generator. The text of the standard explicitly states that you can use non-approved non-deterministic RNGs to seed your approved

Re: questions about RNGs and FIPS 140

2010-09-05 Thread Ben Laurie
On 27/08/2010 19:38, Joshua Hill wrote: > The fact is that all of the approved deterministic RNGs have places that > you are expected to use to seed the generator. The text of the standard > explicitly states that you can use non-approved non-deterministic RNGs > to seed your approved deterministi

Re: questions about RNGs and FIPS 140

2010-09-01 Thread Nicolas Williams
On Sat, Aug 28, 2010 at 07:01:18PM +1200, Peter Gutmann wrote: > What matters to someone getting something evaluated isn't what NIST thinks or > what one person's interpretation of the standard says, but what the lab does > and doesn't allow. Since what I reported is based on actual evaluations >

Re: questions about RNGs and FIPS 140

2010-08-30 Thread Thor Lancelot Simon
On Sun, Aug 29, 2010 at 06:40:46PM +1200, Peter Gutmann wrote: > Thor Lancelot Simon writes: > > >That doesn't make any sense. DT in that generator is really meant to serve > >the role of a counter, and, in fact, the test harness for that generator > >*requires* it to be a counter. > > > >The se

Re: questions about RNGs and FIPS 140

2010-08-29 Thread Peter Gutmann
Thor Lancelot Simon writes: >That doesn't make any sense. DT in that generator is really meant to serve >the role of a counter, and, in fact, the test harness for that generator >*requires* it to be a counter. > >The seed for that generator is K. Well, at least in your opinion it is :-). And t

Re: questions about RNGs and FIPS 140

2010-08-29 Thread Thor Lancelot Simon
On Sat, Aug 28, 2010 at 07:01:18PM +1200, Peter Gutmann wrote: > > Yup, and if you look at some of the generators you'll see things like the use > of a date-and-time vector DT in the X9.17/X9.30 generator, which was the > specific example I gave earlier of sneaking in seeding via the date-and-time

Re: questions about RNGs and FIPS 140

2010-08-28 Thread Jerry Leichter
On Aug 27, 2010, at 2:34 AM, Thomas wrote: Am Donnerstag 26 August 2010 12:25:55 schrieb Jerry Leichter: RNG's in VM's are a big problem because the "unpredictable" values used in the non-deterministic parts of the algorithms - whether you use them just for seeding or during updating as well - a

Re: questions about RNGs and FIPS 140

2010-08-28 Thread Joshua Hill
On Sat, Aug 28, 2010 at 07:01:18PM +1200, Peter Gutmann wrote: > What matters to someone getting something evaluated isn't what NIST thinks or > what one person's interpretation of the standard says, but what the lab does > and doesn't allow. Since what I reported is based on actual evaluations >

Re: questions about RNGs and FIPS 140

2010-08-28 Thread Peter Gutmann
Joshua Hill writes: >Peter, I'm sorry, but this dances on the edge of "obviously factually >incorrect". Could there be some lab / tester who doesn't like just about >everything? I suppose so, but that's more a consequence of the somewhat >bizarre FIPS 140 testing arrangement than what NIST thin

Re: questions about RNGs and FIPS 140

2010-08-28 Thread Peter Gutmann
John Denker writes: >There exist lots of small and/or embedded and/or virtual Linux systems that >have no useful sources of entropy. Interesting that you should mention this, I was having a debate earlier today on the use of DLP/ECDLP-based cryptosystems vs. RSA in embedded devices. My argume

Re: questions about RNGs and FIPS 140

2010-08-28 Thread Peter Gutmann
Thor Lancelot Simon writes: >On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote: >> No. If you choose your eval lab carefully you can sneak in a TRNG somewhere >> as input to your PRNG, but you can't get a TRNG certified, and if you're >> unlucky you won't be allowed to use a TRNG at a

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Joshua Hill
Nicolas Williams writes: >Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that >testing and certification could be feasible? On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann responded: > No. If you choose your eval lab carefully you can sneak in a TRNG > somewhere as in

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Thor Lancelot Simon
On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote: > > No. If you choose your eval lab carefully you can sneak in a TRNG somewhere > as input to your PRNG, but you can't get a TRNG certified, and if you're > unlucky you won't be allowed to use a TRNG at all. I am surprised you'd have

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Nicolas Williams
On Thu, Aug 26, 2010 at 02:13:46PM -0700, Eric Murray wrote: > On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote: > > I'm thinking of a system where a deterministic (seeded) RNG and > > non-deterministic RNG are used to generate a seed for a deterministic > > RNG, which is then used

Re: questions about RNGs and FIPS 140

2010-08-27 Thread John Denker
On 08/26/2010 11:34 PM, Thomas wrote: > Luckily /dev/random is re-seeded during run-time. I would have said something different: *IF* you are lucky, then /dev/random gets reseeded during run time. > So even if you do > a roll-back of a system and the new input is non-deterministic it will > ge

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Werner Koch
On Wed, 25 Aug 2010 22:37, travis+ml-cryptogra...@subspacefield.org said: > 1) Is Linux /dev/{u,}random FIPS 140 certified? I am not sure whether it is already certified. However a FIPS mode was added to Linux featuring a FIPS approved ANSI X9.31 PRNG instead of the /dev/random. /dev/random is

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Peter Gutmann
Nicolas Williams writes: >Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that >testing and certification could be feasible? No. If you choose your eval lab carefully you can sneak in a TRNG somewhere as input to your PRNG, but you can't get a TRNG certified, and if you're un

Re: questions about RNGs and FIPS 140

2010-08-27 Thread Thomas
Hello. Am Donnerstag 26 August 2010 12:25:55 schrieb Jerry Leichter: [...] > > 4) What about VMs? > > Rolling back a deterministic RNG on those systems gives the same > > values unless/until you re-seed with something new to this iteration > > I'm not sure what you mean by "rolling back". Yes, i

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Eric Murray
On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote: > Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that > testing and certification could be feasible? Yes. (assuming you mean FIPS certification). Use the TRNG to seed the approved PRNG implementation. > I'm th

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Thierry Moreau
Nicolas Williams wrote: On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote: On Aug 25, 2010, at 4:37 PM, travis+ml-cryptogra...@subspacefield.org wrote: I also wanted to double-check these answers before I included them: 1) Is Linux /dev/{u,}random FIPS 140 certified? No, because F

Re: questions about RNGs and FIPS 140

2010-08-26 Thread dj
> > 3) Is determinism a good idea? > See Debian OpenSSL fiasco. I have heard Nevada gaming commission > regulations require non-determinism for obvious reasons. > The Nevada rules don't convincingly demand non determinism. They do say things that probably unintentionally exclude non determinism.

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Eric Murray
On Thu, Aug 26, 2010 at 12:13:06PM -0400, Perry E. Metzger wrote: > It is difficult to validate that a hardware RNG is working > correctly. How do you know the bits being put off aren't skewed > somehow by a manufacturing defect? How do you know that damage in the > field won't cause the RNG to bec

Re: questions about RNGs and FIPS 140

2010-08-26 Thread travis+ml-cryptography
On Thu, Aug 26, 2010 at 06:24:26PM +0300, Alexander Klimov wrote: > I guess you misinterpret it. In no place 140-2 "does not allow > TRNG". On closer reading, I guess that's true. Annex C, "Approved Random Number Generators", claims that no TRNGs have been approved, but that's not the same as say

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Nicolas Williams
On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote: > On Aug 25, 2010, at 4:37 PM, > travis+ml-cryptogra...@subspacefield.org wrote: > > > >I also wanted to double-check these answers before I included them: > > > >1) Is Linux /dev/{u,}random FIPS 140 certified? > >No, because FIPS 140-

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Perry E. Metzger
On Thu, 26 Aug 2010 08:14:26 -0700 travis+ml-cryptogra...@subspacefield.org wrote: > On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote: > > [F]IPS doesn't tell you how to *seed* your deterministic > > generator. In effect, a FIPS-compliant generator has the > > property that if you st

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Alexander Klimov
On Wed, 25 Aug 2010 travis+ml-cryptogra...@subspacefield.org wrote: > No, because FIPS 140-2 does not allow TRNGs (what they call > non-deterministic). > I couldn't tell if FIPS 140-1 allowed it, but FIPS 140-2 supersedes FIPS > 140-1. > I assume they don't allow non-determinism because it makes

Re: questions about RNGs and FIPS 140

2010-08-26 Thread travis+ml-cryptography
On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote: > [F]IPS doesn't tell you how to *seed* your deterministic generator. In > effect, a FIPS-compliant generator has the property that if you start it > with an unpredictable seed, it will produce unpredictable values. That brings

Re: Is determinism a good idea? WAS: questions about RNGs and FIPS 140

2010-08-26 Thread Thierry Moreau
travis+ml-cryptogra...@subspacefield.org wrote: Hey all, I also wanted to double-check these answers before I included them: 3) Is determinism a good idea? See Debian OpenSSL fiasco. I have heard Nevada gaming commission regulations require non-determinism for obvious reasons. Do those sou

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Jerry Leichter
On Aug 25, 2010, at 4:37 PM, travis+ml-cryptogra...@subspacefield.org wrote: I also wanted to double-check these answers before I included them: 1) Is Linux /dev/{u,}random FIPS 140 certified? No, because FIPS 140-2 does not allow TRNGs (what they call non- deterministic). I couldn't tell if

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Steven Bellovin
On Aug 25, 2010, at 4:37 16PM, travis+ml-cryptogra...@subspacefield.org wrote: > > 3) Is determinism a good idea? > See Debian OpenSSL fiasco. I have heard Nevada gaming commission > regulations require non-determinism for obvious reasons. It's worth noting that the issue of determinism vs. no

questions about RNGs and FIPS 140

2010-08-25 Thread travis+ml-cryptography
Hey all, Looking for feedback on this section on RNGs: http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc29 Equations are broken in HTML, but clear in PDF: http://www.subspacefield.org/security/security_concepts/security_concepts.pdf I am aware the Renyi entropy link is bro