From: Simon J. Gerraty (sjgcrufty.net)
Date: Mon Feb 20 2006 - 14:56:13 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Regardless, it would be a Good Idea (tm) to perform some of the FIPS
>tests to ensure the RNG hardware at least looks functional rather than

All FIPS 140 requires is a check that the value returned from the RNG
isn't the same as the last value. If it is, you can fetch another value
and check again since there is a non-zero possibility that the first
"double" was simply statistics.

Of course the downside is what you have to do if the test fails ;-)
Which is why if you want to use /dev/random to seed your approved RNG
you should probably do so via an api that will impose the RNG test - but
not otherwise burden /dev/random.

--sjg

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]