Hi,
Is there a way to set the Random Number Generator to use the DRBG instead
of DSA?
We are using a RHEL 5.6. We have the below NSS rpms in the system.
* nss-3.13.5-4.el5_8.i386.rpm
* nss-devel-3.13.5-4.el5_8.i386.rpm
* nss-tools-3.13.5-4.el5_8.i386.rpm
Rgds
Shruthi
-----Original Message-----
From: dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org
[mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org]
On Behalf Of Robert Relyea
Sent: Friday, 27 July, 2012 6:50 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: RandomNumberGenerator that is FIPS2complaint
On 07/27/2012 12:34 PM, Vasantharangan, Shruthi M. wrote:
> We would like to use a randomNumberGenerator on "Red Hat Enterprise Linux
> Server release 5.6 (Tikanga)" which is FIPS140-2 level2 certified. We have
> nss-3.13.5-4.el5_8.i386.rpm (along with nss-tools and nspr) package installed
> on our servers. Can we use DRBG with RHEL 5.6?
>
> Thanks
> Shruthi
yes, RHEL 5 ships the latest version of NSS, but with the softoken of NSS
3.11.4.
bob
> Yes
>
> -----Original Message-----
> From:
> dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org
> [mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozi
> lla.org] On Behalf Of Robert Relyea
> Sent: Friday, 27 July, 2012 3:25 PM
> To: dev-tech-crypto@lists.mozilla.org
> Subject: Re: RandomNumberGenerator that is FIPS2complaint
>
> On 07/25/2012 02:32 PM, Vasantharangan, Shruthi M. wrote:
>> Hi,
>> How can run drbg test vectors provided by NIST to validate the response
>> of the random output for the various algorithms on NSS.
>>
>> Rgds
>> Shruthi
> Softoken 3.11.4 uses the DSA RNG and not the DRBG (that would be RHEL 6 and
> Softoken 3.12.9).
>
> The test vectors were ran internally with some version of fipstest, not
> necessarily the one shipping with the system (most likely not shipping with
> the system).
>
> Are you trying to do a reval for some reason? For most cases, you
> simply need to refer to the FIPS validation
> (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#8
> 14) and the algorithm validation cert
> (http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html#208) [ see
> also 755 and 608 ].
>
> bob
>
>
>
> _____________________________________________________
> This electronic message and any files transmitted with it contains
> information from iDirect, which may be privileged, proprietary and/or
> confidential. It is intended solely for the use of the individual or
> entity to whom they are addressed. If you are not the original
> recipient or the person responsible for delivering the email to the
> intended recipient, be advised that you have received this email in
> error, and that any use, dissemination, forwarding, printing, or
> copying of this email is strictly prohibited. If you received this
> email in error, please delete it and immediately notify the sender.
> _____________________________________________________
>
_____________________________________________________
This electronic message and any files transmitted with it contains
information from iDirect, which may be privileged, proprietary
and/or confidential. It is intended solely for the use of the individual
or entity to whom they are addressed. If you are not the original
recipient or the person responsible for delivering the email to the
intended recipient, be advised that you have received this email
in error, and that any use, dissemination, forwarding, printing, or
copying of this email is strictly prohibited. If you received this email
in error, please delete it and immediately notify the sender.
_____________________________________________________
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
