Re: How important is FIPS 140-2 Level 1 cert?

2006-12-26 Thread Peter Gutmann
Leichter, Jerry [EMAIL PROTECTED] writes: | From: [Name Withheld] | Actually you cant even guarantee that because the FIPS 140 requirements | for the ANSI X9.17/X9.31 PRNG include a pile of oddball things that made | sense for the original X9.17 use (where it was assumed the only source | of

Re: gang uses crypto to hide identity theft databases

2006-12-26 Thread Travis H.
On Sun, Dec 24, 2006 at 11:10:40PM +, Rick van Rein wrote: This is not =entirely= true. A key stored in the same (non-swappable) location for a long time will burn into the memory. (I know that I am reacting beside the point of your story, to which I agree.) Pimpin' Peters Papers:

secure CRNGs and FIPS (Re: How important is FIPS 140-2 Level 1 cert?)

2006-12-26 Thread Adam Back
Anoymous wrote: [criticizing FIPS CRNGs] You can make a secure CRNG that you can obtain FIPS 140 certification on using the FIPS 186-2 appendix 3.1 (one of my clients got FIPS 140 on an implementation of the FIPS 186-2 RNG that I implemented for general key generation and such crypto use.) You