[147890] in cryptography@c2.net mail archive

Re: [Cryptography] [RNG] /dev/random initialisation

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Oct 30 00:25:19 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 30 Oct 2013 17:14:55 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: crypto.jmk@gmail.com, dj@deadhat.com
In-Reply-To: <8EFE56C8-6C61-40E2-8A90-728EAA3A33A6@gmail.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

John Kelsey <crypto.jmk@gmail.com> writes:

>On Oct 28, 2013, at 5:28 PM, dj@deadhat.com wrote:
>...
>> But the specifications (SP800-90x & FIPS 140-2) make it spectacularly hard
>> to mix in multiple sources in a compliant way. SP800-90 gives a way to mix
>> in "additional entropy" and "personalization strings", but FIPS 140-2
>> states that all sources must be authenticated. All configuring entities
>> must be authenticated. Try authenticating hardware on one end of chip
>> against hardware at the other end of the chip. It is the mother of all
>> chicken and egg problems.
>
>Wait, the FIPS labs refuse to let you put your own stuff into those
>additional inputs?

Yes, they won't let you feed in additional entropy.  In my case I managed to
get around it through some code subterfuge (they think they got what they
asked for and I know it was actually done right, not the way they wanted), but
it wouldn't surprise me if other implementers just threw up their hands and
did what the labs wanted.

Peter.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
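The "additional input" and "personalization string" hooks that the quoted message refers to are part of the SP 800-90A DRBG interface. The following is an added example, not code from the original post or from any of the participants: an HMAC_DRBG (SP 800-90A, Section 10.1.2, instantiated on SHA-256) showing the three places a second entropy source can be folded in, namely the personalization string at instantiation, and the additional_input parameter on reseed and on generate. The entropy values, nonce and "second source" bytes are constructed constants standing in for real noise sources, and the small reseed interval is a convenience for the demonstration. It illustrates the mechanism only; whether a FIPS lab accepts such inputs is the separate problem the thread discusses.

```python
"""HMAC_DRBG per NIST SP 800-90A, with the mix-in points the thread discusses.

Added example for this archive page (not the post author's code). The entropy
bytes, nonce and second-source bytes in demo() are constructed stand-ins.
"""
import hashlib
import hmac


class HmacDrbg:
    # SP 800-90A permits up to 2**48 generate calls between reseeds; a small
    # value is used here so the reseed-required path is easy to exercise.
    RESEED_INTERVAL = 10_000

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization_string: bytes = b"") -> None:
        self.outlen = hashlib.sha256().digest_size
        # Instantiate: K = 0x00...00, V = 0x01...01, then Update(seed_material)
        # where seed_material = entropy_input || nonce || personalization_string.
        self.K = b"\x00" * self.outlen
        self.V = b"\x01" * self.outlen
        self._update(entropy_input + nonce + personalization_string)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into the (K, V) state.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if not provided_data:
            return
        self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
        self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed: seed_material = entropy_input || additional_input.
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        # Additional input is mixed in before output is produced...
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        # ...and again afterwards (with empty data if none was supplied).
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


def demo() -> dict:
    """Constructed demonstration: same primary seed, with and without a
    second source mixed in via additional_input, plus the reseed paths."""
    SOURCE_A = bytes(range(32))            # stand-in for the primary entropy source
    NONCE = b"\x5a" * 16                   # constructed nonce
    SOURCE_B = b"second-source-bytes"      # stand-in for an independent second source

    single = HmacDrbg(SOURCE_A, NONCE, b"example personalization")
    mixed = HmacDrbg(SOURCE_A, NONCE, b"example personalization")
    out_single = single.generate(32)
    out_mixed = mixed.generate(32, additional_input=SOURCE_B)

    # Reseed with fresh entropy plus the second source as additional input.
    mixed.reseed(bytes(range(32, 64)), additional_input=SOURCE_B)

    # Exceeding the reseed interval must refuse to generate.
    exhausted = HmacDrbg(SOURCE_A, NONCE)
    exhausted.reseed_counter = HmacDrbg.RESEED_INTERVAL + 1
    try:
        exhausted.generate(1)
        reseed_required = False
    except RuntimeError:
        reseed_required = True

    return {
        "single": out_single,
        "mixed": out_mixed,
        "counter_after_reseed": mixed.reseed_counter,
        "reseed_required": reseed_required,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v.hex() if isinstance(v, bytes) else v)
```

The two generators start from identical state; the only difference is the second source passed as additional_input, so the divergent outputs show the mixing taking effect. Nothing in this example vouches for the quality of the sources: the DRBG assumes its entropy_input meets the security strength, and additional input only ever adds to, never substitutes for, that requirement.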