On Thu, Sep 17, 2009 at 04:18:24PM -0400, Jarod Wilson wrote:
>
> Yeah, I like that solution as well, does feel less dirty. So
> essentially, in fips mode, we'd wind up using fips(ansi_cprng) or
> similar, while the self-tests are done against raw ansi_cprng, correct?
Exactly.
Cheers,
--
Vis
On 09/17/2009 04:16 PM, Herbert Xu wrote:
On Thu, Sep 17, 2009 at 01:08:24PM -0400, Neil Horman wrote:
Just so that I'm clear on what your suggesting, you're approach would be to
register two algs in ansi_cprng, a 'raw' cprng, and a 'fips compliant cprng'
underneath that used the raw cprng as a
On Thu, Sep 17, 2009 at 01:08:24PM -0400, Neil Horman wrote:
>
> Just so that I'm clear on what your suggesting, you're approach would be to
> register two algs in ansi_cprng, a 'raw' cprng, and a 'fips compliant cprng'
> underneath that used the raw cprng as a base, but implemented the continuity
On Thu, Sep 17, 2009 at 08:39:51AM -0700, Herbert Xu wrote:
> On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote:
> >
> > As Jarod mentioned, currently only the NIST certification vectors and, as a
> > result our testmgr vectors require disabling of the internal continuity
> > test,
> > b
On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote:
>
> As Jarod mentioned, currently only the NIST certification vectors and, as a
> result our testmgr vectors require disabling of the internal continuity test,
> but to generalize from that, I would imagine that any set of certification
>
On Wed, Sep 16, 2009 at 10:37:29PM -0500, Herbert Xu wrote:
> On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote:
> >
> > So the question is, how do I make this RNG fips compliant without
> > breaking some subset of users out there that rely on the predictability of
> > the
> > CPRNG?
On 09/16/2009 11:37 PM, Herbert Xu wrote:
On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote:
So the question is, how do I make this RNG fips compliant without
breaking some subset of users out there that rely on the predictability of the
CPRNG? The solution I've come up with
On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote:
>
> So the question is, how do I make this RNG fips compliant without
> breaking some subset of users out there that rely on the predictability of the
> CPRNG? The solution I've come up with is a dynamic flag. This patch series
W
On 09/16/2009 12:04 PM, Neil Horman wrote:
Hey all-
Ok, so I've got a story behind this one. It was recently called to my
attention that the ansi cprng is missing an aspect of its compliance requrements
for FIPS-140. Specifically, its missing a behavior in its continuous test.
When the
Hey all-
Ok, so I've got a story behind this one. It was recently called to my
attention that the ansi cprng is missing an aspect of its compliance requrements
for FIPS-140. Specifically, its missing a behavior in its continuous test.
When the CPRNG produces random blocks, the firrst bloc
10 matches
Mail list logo
