[Openswan dev] Support for hardware random number generators

Vrabete, Brad brad.vrabete at intel.com
Thu Nov 20 11:21:46 EST 2008


Hi Paul,

You're right. But the situation changes if the HW RNG was built to be FIPS
compliant. Then (and only then) FIPS check can be disabled to save CPU
clocks.

Many thanks!

Brad

>-----Original Message-----
>From: Paul Wouters [mailto:paul at xelerance.com] 
>Sent: 20 November 2008 16:18
>To: David McCullough
>Cc: Vrabete, Brad; dev at openswan.org
>Subject: Re: [Openswan dev] Support for hardware random number generators
>
>On Thu, 20 Nov 2008, David McCullough wrote:
>
>> With all the RNGs I have tested so far, the FIPS check is actually a
>> pretty good idea ;-)
>
>Yes, I agree. In my personal, non-statistically relevant
>experience, only the VIA RNG is good enough :) Intel and AMD
>were not. But my tests were on a few random boards; I hope
>things have improved since. But I would be very nervous using
>hardware random without FIPS checking.
>
>Paul
>
>
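
For reference, a sketch of the kind of per-block check the thread calls the "FIPS check", as an added example that is not part of the original messages or of Openswan's code. It assumes the check means the FIPS 140-2 statistical tests over 20,000-bit blocks and implements only the monobit and long-run tests; the function names and the sample blocks are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIPS_BLOCK_BYTES 2500u   /* one test block = 20,000 bits */
#define FAIL_MONOBIT 1           /* too few or too many 1 bits */
#define FAIL_LONGRUN 2           /* a run of 26 or more identical bits */

/* Returns 0 if the block passes both tests, else a mask of FAIL_* bits. */
int fips_check_block(const uint8_t *blk)
{
    unsigned ones = 0, run = 0;
    int last = -1, fail = 0;

    for (size_t i = 0; i < FIPS_BLOCK_BYTES * 8u; i++) {
        int bit = (blk[i >> 3] >> (7 - (i & 7))) & 1;   /* MSB first */
        ones += (unsigned)bit;
        run = (bit == last) ? run + 1 : 1;
        last = bit;
        if (run >= 26)
            fail |= FAIL_LONGRUN;
    }
    /* Monobit: pass only if 9725 < ones < 10275. */
    if (ones <= 9725 || ones >= 10275)
        fail |= FAIL_MONOBIT;
    return fail;
}

/* Constructed sample block (not real RNG output): a fill pattern with
 * stuck_len bytes forced to 0xFF to simulate a transient stuck-high fault. */
void make_block(uint8_t *blk, uint8_t fill, size_t stuck_at, size_t stuck_len)
{
    memset(blk, fill, FIPS_BLOCK_BYTES);
    memset(blk + stuck_at, 0xFF, stuck_len);
}

int main(void)
{
    uint8_t blk[FIPS_BLOCK_BYTES];
    make_block(blk, 0x00, 0, 0);     /* dead source: fails both tests */
    int dead = fips_check_block(blk);
    make_block(blk, 0xAA, 100, 4);   /* balanced overall, 33 bits stuck high */
    int stuck = fips_check_block(blk);
    return !(dead == (FAIL_MONOBIT | FAIL_LONGRUN) && stuck == FAIL_LONGRUN);
}
```

A perfectly regular pattern such as repeated 0xAA passes these two tests; the poker and runs tests of the full suite, omitted here for length, are what reject that kind of output.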