Re: Entropy Pool Contents

From: Henrique de Moraes Holschuh
Date: Tue Nov 28 2006 - 07:14:14 EST


On Mon, 27 Nov 2006, Ben Pfaff wrote:
> daw@xxxxxxxxxxxxxxx (David Wagner) writes:
> > Well, if you want to talk about really high-value keys like the scenarios
> > you mention, you probably shouldn't be using /dev/random, either; you
> > should be using a hardware security module with a built-in FIPS certified
> > hardware random number source.
>
> Is there such a thing? "Annex C: Approved Random Number
> Generators for FIPS PUB 140-2, Security Requirements for
> Cryptographic Modules", or at least the version of it I was able
> to find with Google in a few seconds, simply states:
>
> There are no FIPS Approved nondeterministic random number
> generators.

There used to exist a battery of tests for this, but a FIPS revision removed
them. You cannot really easily define a True RNG as secure or not with
simple tests.

I'd suggest googling for the papers validating the Intel and VIA PadLock
hardware RNGs; they are much better reading than FIPS for this.

If you want a software implementation of all the former FIPS tests, please
get the Debian fork of rng-tools, or Jeff's upstream rng-tools (Debian's has
a lot more stuff, but I don't recall if it has any extra FIPS
functionality).

I should get around to submitting patches to Jeff one of these years. It is
about a week-man-hours of tedious work, though.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
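
The test battery referred to above, as an added example (not part of the original message and not code from rng-tools): it checks one 20,000-bit block against the monobit, poker, runs and long-run thresholds of the original FIPS 140-2 text, which are supplied here from the standard and are not stated in the message. The names `fips_check` and `fill_xorshift` and all inputs are constructed for illustration; the fixed-seed xorshift32 block is fully predictable yet is expected to pass, because the battery measures bit statistics, not unpredictability.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIPS_BYTES 2500 /* one block = 20,000 bits */
enum { F_MONOBIT = 1, F_POKER = 2, F_RUNS = 4, F_LONGRUN = 8 };

/* Returns 0 if the block passes, else a bitmask of the failed tests. */
int fips_check(const uint8_t *buf) {
    static const long lo[6] = { 2315, 1114, 527, 240, 103, 103 };
    static const long hi[6] = { 2685, 1386, 723, 384, 209, 209 };
    long ones = 0, sq = 0, nib[16] = { 0 }, runs[2][6] = { { 0 } };
    int fail = 0, cur = buf[0] >> 7, len = 0;
    for (int i = 0; i < FIPS_BYTES * 8; i++) {
        int bit = (buf[i / 8] >> (7 - i % 8)) & 1;
        ones += bit;
        if (bit != cur) {                       /* previous run ended */
            runs[cur][len > 6 ? 5 : len - 1]++; /* bins: 1..5 and 6+ */
            cur = bit; len = 0;
        }
        if (++len >= 26) fail |= F_LONGRUN;     /* long run: 26+ equal bits */
    }
    runs[cur][len > 6 ? 5 : len - 1]++;         /* close the final run */
    for (int i = 0; i < FIPS_BYTES; i++) { nib[buf[i] >> 4]++; nib[buf[i] & 15]++; }
    for (int i = 0; i < 16; i++) sq += nib[i] * nib[i];
    double x = 16.0 * sq / 5000.0 - 5000.0;     /* poker over 5,000 nibbles */
    if (x <= 2.16 || x >= 46.17) fail |= F_POKER;
    if (ones <= 9725 || ones >= 10275) fail |= F_MONOBIT;
    for (int k = 0; k < 12; k++)                /* runs of zeros, then ones */
        if (runs[k / 6][k % 6] < lo[k % 6] || runs[k / 6][k % 6] > hi[k % 6])
            fail |= F_RUNS;
    return fail;
}

/* Constructed input: fixed-seed xorshift32, fully predictable output. */
void fill_xorshift(uint8_t *buf, uint32_t x) {
    for (int i = 0; i < FIPS_BYTES; i++) {
        if (i % 4 == 0) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; }
        buf[i] = (uint8_t)(x >> (8 * (i % 4)));
    }
}

int main(void) {
    uint8_t buf[FIPS_BYTES];
    memset(buf, 0xAA, sizeof buf);   printf("0xAA pattern: %d\n", fips_check(buf));
    fill_xorshift(buf, 2463534242u); printf("xorshift32:   %d\n", fips_check(buf));
    return 0;
}
```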