Re: secure CRNGs and FIPS (Re: How important is FIPS 140-2 Level 1 cert?)
Adam Back wrote:

> About the criticisms of Common Criteria evaluation in general, I think
> why people complain it is a documentation exercise is because pretty
> much all it does is ensure that it does what it says it does. So
> basically you have to enumerate threats, state what threats the
> system is designed to protect against, and which are out of scope.
>
> Then the rest of the documentation is just saying that in increasing
> detail, that you have not made mistakes in the design and
> specification and to some extent implementation.

CC has very good points. One of the best points is IMO the ST/PP concept, which encourages one to think what to protect against what. And I do think that most of the CC documents are helpful. But some, esp. those which occupy the most paper, are IMO not worth their effort. These are the low- and high-level design. They are meant to be the link between specification and implementation, but I am sure that there are simpler ways to show the link. And my experience is that these two documents do not change the product in any way.

Matthias

--
Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
secure CRNGs and FIPS (Re: How important is FIPS 140-2 Level 1 cert?)
Anonymous wrote:

> [criticizing FIPS CRNGs]

You can make a secure CRNG that you can obtain FIPS 140 certification on using the FIPS 186-2 appendix 3.1 (one of my clients got FIPS 140 on an implementation of the FIPS 186-2 RNG that I implemented for general key generation and such crypto use.)

You should apply change notice 1 under the section "general purpose random number generation", or you will be doing needless modulo q bignum operations for general RNG use (the default, non-change-note modified RNG is otherwise hard coded for DSA k value generation and related things, 186-2 being the FIPS DSA standard doc).

Also, about continuously adding seeding: this is also provided with the 186-2 rng via the XSEED parameter, which allows the system to add extra entropy at any time.

About the criticisms of Common Criteria evaluation in general, I think why people complain it is a documentation exercise is because pretty much all it does is ensure that it does what it says it does. So basically you have to enumerate threats, state what threats the system is designed to protect against, and which are out of scope.

Then the rest of the documentation is just saying that in increasing detail, that you have not made mistakes in the design and specification and to some extent implementation.

So as someone else said in the thread, as a user you need to read the security target document section on security objectives and assumptions, and check if they protect against attacks that are relevant to you.

Another aspect of security targets is protection profiles. A protection profile is basically a sort of set of requirements for security targets for a given type of system. So you might get e.g. a protection profile for hard disk encryption. The protection profile will be standardized on and so it makes it a bit easier for the consumer, as it's less likely the protection profile will be massaged. (I mean the consortium or standardization body creating the protection profile will want some security quality bar).

Adam
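The generator discussed in the message above, as an added example that is not part of the original thread or any poster's code: a sketch of the FIPS 186-2 Appendix 3.1 RNG in its general-purpose form (no "mod q"), with the optional XSEED input mixed in per output block. It assumes b = 160, the SHA-1-based G function, and the step layout of the Change Notice 1 pseudo-code as reproduced in RFC 4186 Appendix B; the names `Fips186Rng`, `G`, `sha1_compress` and the seed-key in the demo are hypothetical and constructed.

```python
import struct

M32 = 0xFFFFFFFF
B = 160  # seed-key width b in bits (assumed; the standard allows 160..512)
# Step 2 constant t: the SHA-1 initial hash value H0..H4.
T = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32
def sha1_compress(state, block):
    """SHA-1 compression of one 64-byte block, with no message padding."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rol(a, 5) + f + e + k + w[i]) & M32, a, rol(b, 30), c, d
    return tuple((s + v) & M32 for s, v in zip(state, (a, b, c, d, e)))

def G(c):
    """G(t, c): c zero-padded on the right to 512 bits, compressed with t as IV."""
    block = c.to_bytes(B // 8, "big") + bytes(64 - B // 8)
    return int.from_bytes(struct.pack(">5I", *sha1_compress(T, block)), "big")

class Fips186Rng:  # hypothetical name, not from the thread
    def __init__(self, xkey: bytes):
        self.xkey = int.from_bytes(xkey, "big") % (1 << B)  # step 1: secret XKEY
    def next_block(self, xseed: bytes = b"") -> bytes:
        """Step 3: return x_j = w_0 || w_1 (40 bytes), with no 'mod q'."""
        xs = int.from_bytes(xseed, "big")  # optional XSEED_j, 0 if absent
        out = b""
        for _ in range(2):
            xval = (self.xkey + xs) % (1 << B)
            w = G(xval)
            self.xkey = (1 + self.xkey + w) % (1 << B)
            out += w.to_bytes(20, "big")
        return out

if __name__ == "__main__":
    rng = Fips186Rng(bytes(range(20)))  # constructed seed-key, not a secret
    print(rng.next_block().hex(), rng.next_block(b"extra entropy").hex())
```

In real use XKEY would come from a seeded entropy source rather than a fixed byte string, and XSEED is where fresh entropy is fed in between outputs.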