[ale] random number generators
Alex Carver
agcarver+ale at acarver.net
Tue Mar 19 17:13:34 EDT 2019
On 2019-03-19 13:54, dev null zero two via Ale wrote:
> IIRC, the link I sent is for a Linux RNG patch that uses a FIPS approved
> DRBG. If properly seeded, this can supply a ton of secure random numbers
> without draining the entropy pool so much.
The page says they're following SP800-57A (using SHA-256 for the RNG)
and FIPS 140-2 (128 bits of entropy). The latest FIPS 140-2 has
actually withdrawn guidance on RNGs in general. They have to prove the
rest of the system meets the 140-2 requirements to be an approved RNG.
The requirements for NDRBGs (needed for the seed of any subsequent RNG
including a DRBG) are in SP 800-90A where it specifies that the ideal
entropy source is random but the DRBG specification allows the entropy
to be less than random.
But remember, Dual_EC_DRBG was also approved yet it had a back door.
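To make the seeding point above concrete, here is an added example (not code from the thread, the patch it discusses, or any project): a minimal SP 800-90A Hash_DRBG over SHA-256, using the constants from that standard (seedlen 440 bits, outlen 256 bits). The entropy source is stood in for by os.urandom, and the fixed seeds used in the demo are constructed values, not real secrets. The instantiate/reseed checks on minimum entropy length are the standard's requirements; the `stream` and `demo` helpers are assumptions added for illustration. It shows that every output bit is a deterministic function of the seed material, which is why the quality of the NRBG feeding the DRBG, not the DRBG's own SHA-256 machinery, decides how unpredictable the output is.

```python
"""Minimal SP 800-90A Hash_DRBG (SHA-256) illustrating seed dependence.

Added example, not from the mailing-list thread or any project it mentions.
Constants follow SP 800-90A Table 2 for SHA-256.  Entropy input comes from
os.urandom as a stand-in for a real NRBG; fixed seeds in demo() are constructed.
"""
import hashlib
import os

OUTLEN = 32                  # SHA-256 digest length in bytes (outlen = 256 bits)
SEEDLEN = 55                 # seedlen = 440 bits for SHA-256 (SP 800-90A Table 2)
RESEED_INTERVAL = 2 ** 48    # max generate calls between reseeds (Hash_DRBG)
MAX_REQUEST_BYTES = 2 ** 16  # 2^19 bits per generate request


def _hash_df(data: bytes, n_bytes: int) -> bytes:
    """Hash_df (SP 800-90A 10.3.1): derive n_bytes from arbitrary input."""
    out = b""
    counter = 1                                   # 8-bit counter
    bits = (n_bytes * 8).to_bytes(4, "big")       # 32-bit no_of_bits_to_return
    while len(out) < n_bytes:
        out += hashlib.sha256(bytes([counter]) + bits + data).digest()
        counter += 1
    return out[:n_bytes]


def _to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


class HashDRBG:
    """Hash_DRBG (SP 800-90A 10.1.1) with SHA-256; no prediction-resistance."""

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization: bytes = b"", security_strength: int = 256):
        self.security_strength = security_strength
        self._check_entropy(entropy_input)
        if len(nonce) * 8 < security_strength // 2:
            raise ValueError("nonce must carry at least security_strength/2 bits")
        seed = _hash_df(entropy_input + nonce + personalization, SEEDLEN)
        self._init_state(seed)

    def _check_entropy(self, entropy_input: bytes) -> None:
        # The standard requires at least security_strength bits of entropy input.
        if len(entropy_input) * 8 < self.security_strength:
            raise ValueError("entropy_input shorter than security_strength bits")

    def _init_state(self, seed: bytes) -> None:
        self.V = seed
        self.C = _hash_df(b"\x00" + seed, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        """Reseed (10.1.1.3): fold fresh entropy into the current V."""
        self._check_entropy(entropy_input)
        seed = _hash_df(b"\x01" + self.V + entropy_input + additional_input, SEEDLEN)
        self._init_state(seed)

    def generate(self, n_bytes: int, additional_input: bytes = b"") -> bytes:
        """Generate (10.1.1.4): Hashgen output, then advance V."""
        if n_bytes > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        modulus = 1 << (SEEDLEN * 8)
        if additional_input:
            w = hashlib.sha256(b"\x02" + self.V + additional_input).digest()
            self.V = ((_to_int(self.V) + _to_int(w)) % modulus).to_bytes(SEEDLEN, "big")
        # Hashgen: hash successive increments of V until enough bytes are produced.
        out = b""
        data = _to_int(self.V)
        while len(out) < n_bytes:
            out += hashlib.sha256(data.to_bytes(SEEDLEN, "big")).digest()
            data = (data + 1) % modulus
        # State update: V = (V + H + C + reseed_counter) mod 2^seedlen
        h = hashlib.sha256(b"\x03" + self.V).digest()
        v = (_to_int(self.V) + _to_int(h) + _to_int(self.C) + self.reseed_counter) % modulus
        self.V = v.to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out[:n_bytes]


def stream(seed: bytes, n: int) -> bytes:
    """Helper (assumption): instantiate with a fixed seed and zero nonce, emit n bytes."""
    return HashDRBG(seed, nonce=bytes(16)).generate(n)


def demo() -> dict:
    """Show that output is fixed by the seed, and that reseeding diverges the stream."""
    constructed_seed = bytes(range(32))            # constructed, 256 bits, NOT secret
    same = stream(constructed_seed, 32) == stream(constructed_seed, 32)
    a = HashDRBG(constructed_seed, bytes(16))
    b = HashDRBG(constructed_seed, bytes(16))
    a.generate(32)
    b.generate(32)
    b.reseed(os.urandom(32))                        # fresh entropy only on b
    diverged = a.generate(32) != b.generate(32)
    return {"deterministic_given_seed": same, "diverged_after_reseed": diverged}


if __name__ == "__main__":
    print(demo())
```

The two booleans returned by `demo` are the lesson in one line each: a DRBG fed the same seed twice yields the same bytes forever, so an attacker who can guess the seed has everything, and only a reseed with fresh NRBG entropy changes that. This is the reason the author's point about SP 800-90A's entropy-source requirements, and about approved status not being the same as trustworthiness, matters more than the choice of hash inside the DRBG.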