Re: RandomNumberGenerator that is FIPS2complaint

Fri, 27 Jul 2012 15:50:22 -0700 

On 07/27/2012 12:34 PM, Vasantharangan, Shruthi M. wrote:

We would like to use a randomNumberGenerator on "Red Hat Enterprise Linux Server 
release 5.6 (Tikanga)" which is FIPS140-2 level2 certified.  We have 
nss-3.13.5-4.el5_8.i386.rpm (along with nss-tools and nspr) package installed on our 
servers.  Can we use DRBG with RHEL 5.6?

Thanks
Shruthi
yes, RHEL 5 ships the latest version of NSS, but with the softoken of NSS 3.11.4. 

bob

Yes

-----Original Message-----
From: dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org 
[mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org] 
On Behalf Of Robert Relyea
Sent: Friday, 27 July, 2012 3:25 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: RandomNumberGenerator that is FIPS2complaint

On 07/25/2012 02:32 PM, Vasantharangan, Shruthi M. wrote:

Hi,
     How can run drbg test vectors provided by NIST to validate the response of 
the random output for the various algorithms on NSS.

Rgds
Shruthi

Softoken 3.11.4 uses the DSA RNG and not the DRBG (that would be RHEL 6 and 
Softoken 3.12.9).

The test vectors were ran internally with some version of fipstest, not 
necessarily the one shipping with the system (most likely not shipping with the 
system).

Are you trying to do a reval for some reason? For most cases, you simply need 
to refer to the FIPS validation
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#814) and 
the  algorithm validation cert
(http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html#208) [ see also 
755 and 608 ].

bob



_____________________________________________________
This electronic message and any files transmitted with it contains
information from iDirect, which may be privileged, proprietary
and/or confidential. It is intended solely for the use of the individual
or entity to whom they are addressed. If you are not the original
recipient or the person responsible for delivering the email to the
intended recipient, be advised that you have received this email
in error, and that any use, dissemination, forwarding, printing, or
copying of this email is strictly prohibited. If you received this email
in error, please delete it and immediately notify the sender.
_____________________________________________________





-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to