Re: secure CRNGs and FIPS (Re: How important is FIPS 140-2 Level 1 cert?)

2007-01-08 Thread Matthias Bruestle
Adam Back wrote: About the criticisms of Common Critera evaluation in general, I think why people complain it is a documentation exercise is because pretty much all it does ensure that it does what it says it does. So basically you have to enumerates threats, state what threats the system is

secure CRNGs and FIPS (Re: How important is FIPS 140-2 Level 1 cert?)

2006-12-26 Thread Adam Back
Anoymous wrote: [criticizing FIPS CRNGs] You can make a secure CRNG that you can obtain FIPS 140 certification on using the FIPS 186-2 appendix 3.1 (one of my clients got FIPS 140 on an implementation of the FIPS 186-2 RNG that I implemented for general key generation and such crypto use.) You