Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-16 Thread lists
On 9 Jul 2007 16:08:33 -0600, Darren Lasko wrote: 2) Does FIPS 140-2 have any requirements regarding the quality of the entropy source that is used for seeding a PRNG? Yes. The requirement imposed by FIPS 140-2 (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) are in section

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-10 Thread Joshua Hill
On Mon, Jul 09, 2007 at 04:08:33PM -0600, Darren Lasko wrote: However, it seems pretty nebulous about how they expect you to measure the number of operations required to compromise the security of the key generation method. Do you know what kind of documentation the labs require? The

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-09 Thread Darren Lasko
On 7/8/07, Joshua Hill [EMAIL PROTECTED] wrote: On Sat, Jul 07, 2007 at 10:53:17PM -0600, Darren Lasko wrote: 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)? If not, will Annex C be updated to

FIPS 140-2, PRNGs, and entropy sources

2007-07-08 Thread Darren Lasko
Hello, I have a couple of questions related to FIPS 140-2: 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)? If not, will Annex C be updated to include the PRNGs from SP 800-90? 2) Does FIPS 140-2

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-08 Thread Joshua Hill
On Sat, Jul 07, 2007 at 10:53:17PM -0600, Darren Lasko wrote: 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)? If not, will Annex C be updated to include the PRNGs from SP 800-90? The PRNGs in