[Pcsclite-muscle] max length of randomLen for C_GenerateRandom

Michael StJohns mstjohns at comcast.net
Thu Apr 20 16:37:20 UTC 2017


On 4/20/2017 11:15 AM, Florent wrote:
> Thanks for your answer Ludovic.
>
>     I suggest you to use a hardware dedicated to random number generation.
>
>
> Yes, this is of course the main option I have in mind.
> My question remains theoretical in the event we don't trust any of the 
> TRNG vendors 
> (https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators).
> I may have more confidence in a certified card, like the JCOP 2.4.1r3 
> which has been evaluated according to the AIS 31 of the BSI.
>
>     A smart card may be too slow for you.
>
>
> Yes, I am aware of that. But certified TRNG are also very slow (75 
> kbps for the Quantis AIS31 for example).
> Let's just say that the time is not an issue for me :)

You want to marry your smart card as a source of entropy to a DRBG and 
reseed the DRBG from the smart card fairly often. See NIST SP800-90A 
for the general form for a DRBG.

Alternately, you can use multiple sources of entropy - a smart card, a 
TPM, one of the TRNGs from above and use them to seed the DRBG. That way 
you're not dependent on any of these being "trusted". Simplest way to do 
this is XOR the N streams of TRNG data together to provide the seed and 
reseed data. Oh yeah - most modern Intel motherboards and processors 
support the RDRAND and RDSEED instructions and there is software to 
expose those for use. 
(https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide)

As long as your TRNG can keep up with the reseed schedule, you can get a 
*lot* of bits out of the DRBG.

WRT to the smart card, my guess is there is a TRNG backing a DRBG of 
some sort.

I wouldn't trust a generic PKCS11 driver to do what you want.

Mike



>     Also I am not sure that the data returned by C_GenerateRandom()
>     always comes from the smart card. It depends on the PKCS#11
>     library you use.
>
>
> Yes, you're right. Thanks for the warning. In order to be sure I would 
> need the source code of the PKCS#11 library, right?
>
> So by the content of your answer, I presume this hasn't been 
> tested/considered yet? (assuming the data comes genuinely from the 
> internal generator of the card).
>
> Cheers
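
The construction Mike describes above (an SP 800-90A DRBG, seeded and periodically reseeded from the XOR of several independent entropy streams), as an added example that is not part of this thread and not code from pcsc-lite or any PKCS#11 library. It implements HMAC_DRBG over SHA-256 from SP 800-90A section 10.1.2 and enforces that specification's per-request ceiling of 2^19 bits, which is the same kind of limit the thread's subject asks about for C_GenerateRandom. The entropy sources are callables taking a byte count; the `make_counter_source` sources here are constructed, deterministic stand-ins so the example is reproducible, and in a real deployment they would be replaced by the card's C_GenerateRandom, a TPM, RDSEED, or similar.

```python
import hmac
import hashlib
import os
from typing import Callable, Sequence

OUTLEN = 32                            # SHA-256 output length in bytes
MAX_BYTES_PER_REQUEST = 2 ** 19 // 8   # SP 800-90A: HMAC_DRBG max_number_of_bits_per_request = 2^19
DEFAULT_RESEED_INTERVAL = 10_000       # generate() calls before reseed is required (spec allows up to 2^48)


def xor_combine(streams: Sequence[bytes]) -> bytes:
    """XOR N equal-length streams. The result is unpredictable if at least one
    input is unpredictable and independent of the others."""
    if not streams:
        raise ValueError("need at least one entropy stream")
    n = len(streams[0])
    if any(len(s) != n for s in streams):
        raise ValueError("all streams must have the same length")
    out = bytearray(n)
    for s in streams:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


class HmacDrbg:
    """HMAC_DRBG (SP 800-90A 10.1.2) with SHA-256, 256-bit security strength."""

    def __init__(self, entropy_input: bytes, nonce: bytes = b"", personalization: bytes = b"",
                 reseed_interval: int = DEFAULT_RESEED_INTERVAL):
        if len(entropy_input) < OUTLEN:          # at least security_strength bits of entropy
            raise ValueError("entropy input too short")
        self.key = b"\x00" * OUTLEN
        self.v = b"\x01" * OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy_input + nonce + personalization)   # Instantiate
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update (10.1.2.2)
        self.key = self._hmac(self.v + b"\x00" + provided)
        self.v = self._hmac(self.v)
        if provided:
            self.key = self._hmac(self.v + b"\x01" + provided)
            self.v = self._hmac(self.v)

    def reseed(self, entropy_input: bytes, additional: bytes = b"") -> None:
        if len(entropy_input) < OUTLEN:
            raise ValueError("entropy input too short")
        self._update(entropy_input + additional)
        self.reseed_counter = 1

    def needs_reseed(self) -> bool:
        return self.reseed_counter > self.reseed_interval

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if n > MAX_BYTES_PER_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.needs_reseed():
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(additional)
        self.reseed_counter += 1
        return out[:n]


class MultiSourceRng:
    """DRBG whose seed and reseed material is the XOR of every source's output;
    reseeds itself once the reseed interval is used up."""

    def __init__(self, sources: Sequence[Callable[[int], bytes]],
                 reseed_interval: int = DEFAULT_RESEED_INTERVAL):
        self.sources = list(sources)
        self.drbg = HmacDrbg(self._fresh_entropy(), nonce=self._fresh_entropy()[:16],
                             reseed_interval=reseed_interval)

    def _fresh_entropy(self) -> bytes:
        # Only OUTLEN bytes per source per (re)seed, so a slow card keeps up easily.
        return xor_combine([src(OUTLEN) for src in self.sources])

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while n > 0:
            if self.drbg.needs_reseed():
                self.drbg.reseed(self._fresh_entropy())
            chunk = min(n, MAX_BYTES_PER_REQUEST)   # split large requests at the spec limit
            out += self.drbg.generate(chunk)
            n -= chunk
        return out


def make_counter_source(label: bytes) -> Callable[[int], bytes]:
    """Constructed, deterministic stand-in for a hardware source (NOT entropy)."""
    state = {"ctr": 0}

    def src(n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(label + state["ctr"].to_bytes(8, "big")).digest()
            state["ctr"] += 1
        return out[:n]
    return src


if __name__ == "__main__":
    # Mixed sources: two constructed stand-ins plus the OS RNG as a third stream.
    rng = MultiSourceRng([make_counter_source(b"card"), make_counter_source(b"tpm"), os.urandom],
                         reseed_interval=100)
    print(rng.random_bytes(32).hex())
```

Two caveats a practitioner should keep in mind: the XOR combiner only gives the "no single source need be trusted" property when the sources cannot observe each other's output (a source that sees the others could cancel them), and the reseed interval should be chosen so the slowest source can deliver OUTLEN bytes well within it.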

