[149274] in cryptography@c2.net mail archive
Re: [Cryptography] cryptography Digest, Vol 9, Issue 29
daemon@ATHENA.MIT.EDU (Wouter Slegers)
Thu Jan 30 02:47:37 2014
X-Original-To: cryptography@metzdowd.com
From: Wouter Slegers <wouter@yourcreativesolutions.nl>
In-Reply-To: <566E0CDC-F784-4EF8-85E0-73D3AEDCC1E5@me.com>
Date: Thu, 30 Jan 2014 08:46:06 +0100
To: Arnold Reinhold <agr@me.com>
Cc: Bill Stewart <bill.stewart@pobox.com>,
Thierry Moreau <thierry.moreau@connotech.com>,
cryptography@metzdowd.com, Paul Hoffman <paul.hoffman@vpnc.org>,
"James A. Donald" <jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
L.S.,
On 2014-01-29, at 21:36 , Arnold Reinhold <agr@me.com> wrote:
>> Somehow this discussion tends to run into circles.
> An astute observation. I submit this happens because there is no standard=
or guideline nor a process to get one that has any acceptance. I suggeste=
d a Wiki as a start. Any other ideas?
In the Common Criteria world, especially for smart cards, BSI=92s AIS31 TRN=
G requirements are pretty much the high end of evaluated TRNGs and effectiv=
ely mandated for smart cards under the German CC scheme: https://www.bsi.bu=
nd.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Fu=
nctionality_classes_for_random_number_generators_e.pdf?__blob=3Dpublication=
File
Note that the CC process assumes a non-hostile developer and production fac=
ility, so this does _not_ cover backdoors in the design/implementation, alt=
hough the location of the entropy measurement does help in getting some ass=
urance on the raw noise quality (and is also a major hassle in product desi=
gn: how to get the raw signal out from a supposedly closed chip).
It does give some rigour to defining what entropy is, what the quality is o=
f the output, expected short and long term failure detection mechanisms, an=
d how to show and verify these. And there is a decade+ of experience applyi=
ng these requirements (although a lot of it is painful ;-)).
Some reading notes:
AIS31 =3D true random number generators, i.e. mostly the hardware ones
AIS20 =3D Deterministic random number generators
TOE =3D Target of Evaluation, i.e. the thing that is evaluated, here the th=
ing that includes the RNG.
With kind regards,
Wouter
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
