Subject: Re: Hardware RNG support for EM64T systems
To: Simon J. Gerraty <sjg@crufty.net>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 02/20/2006 16:45:09

On Mon, Feb 20, 2006 at 12:56:13PM -0800, Simon J. Gerraty wrote:
> >Regardless, it would be a Good Idea (tm) to perform some of the FIPS
> >tests to ensure the RNG hardware at least looks functional rather than
>
> All FIPS 140 requires is a check that the value returned from the RNG
> isn't the same as the last value.

That depends what level you're certifying to. At level 4, IIRC, periodic
statistical tests are required (which is why the standard specifies a
particular battery of statistical RNG tests).

It's less clear to me that the use to which those tests are put in the
OpenBSD-derived code in FreeBSD's rndtest module is actually entirely
correct, however. Is it really the case that output from a hardware
source should only be fed into the software mixing function if the raw
HW output passes the tests? I am not so sure, and think the issue
requires more thought than the OpenBSD core, at least, seems to have
given it.

It is certainly appropriate to run the statistical test on the _output_
of the software RNG, however.

We should be doing continuous-output tests on all random number sources,
and on the generator output, no matter what. It is a little tricky to see
how to do them for callers that use the interface for adding bulk data,
though; in those cases it needs to be done within the caller itself, I
think.

--
Thor Lancelot Simon tls@rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart
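
The continuous-output test discussed in this message, run by a caller over a bulk buffer before the data is handed to the pool, as an added example that is not part of the original post or of any NetBSD, FreeBSD or OpenBSD code. The `crngt_*` names and the 8-byte block size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CRNGT_BLOCK 8   /* block size in bytes; assumed for this example */

/* Hypothetical per-source state: last full block plus any partial tail. */
struct crngt {
    uint8_t last[CRNGT_BLOCK];
    uint8_t pend[CRNGT_BLOCK];
    size_t  npend;      /* bytes currently buffered in pend */
    int     primed;     /* 0 until the first block has been stored */
};

static void crngt_init(struct crngt *s) { memset(s, 0, sizeof(*s)); }

/* Compare one full block with the previous one; returns 1 on a repeat.
 * The very first block only primes the comparison and cannot fail. */
static int crngt_block(struct crngt *s, const uint8_t *blk)
{
    int repeat = s->primed && memcmp(s->last, blk, CRNGT_BLOCK) == 0;
    memcpy(s->last, blk, CRNGT_BLOCK);
    s->primed = 1;
    return repeat;
}

/* Run the test over a bulk buffer of any length. State carries across
 * calls, so a block that straddles two buffers is still checked.
 * Returns the number of repeated blocks found (0 means pass). */
static size_t crngt_bulk(struct crngt *s, const uint8_t *buf, size_t len)
{
    size_t fails = 0;

    while (len > 0) {
        size_t n = CRNGT_BLOCK - s->npend;
        if (n > len)
            n = len;
        memcpy(s->pend + s->npend, buf, n);
        s->npend += n;
        buf += n;
        len -= n;
        if (s->npend == CRNGT_BLOCK) {
            fails += (size_t)crngt_block(s, s->pend);
            s->npend = 0;
        }
    }
    return fails;
}
```

A caller would keep one `struct crngt` per source and decide for itself what a nonzero return means, for example discarding the buffer or crediting it with no entropy.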