<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 4/20/2017 11:15 AM, Florent wrote:<br>
</div>
<blockquote
cite="mid:CANQLNWtLx89b3qbK_q5z7tSgKm9TzERWq5LoU_ZeMw2r1XBOkQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>Thanks for your answer Ludovic.<br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="gmail-">
<div>I suggest you use hardware dedicated to
random number generation.<br>
</div>
</span></div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Yes, this is of course the main option I have in mind.</div>
<div>My question remains theoretical in the event we don't
trust any of the TRNG vendors (<a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators">https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators</a>).</div>
<div>I may have more confidence in a certified card, like
the JCOP 2.4.1r3 which has been evaluated according to the
AIS 31 of the BSI.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="gmail-"></span>
<div>A smart card may be too slow for you.</div>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Yes, I am aware of that. But certified TRNGs are also
very slow (75 kbps for the Quantis AIS31 for example).</div>
<div>Let's just say that the time is not an issue for me :)</div>
</div>
</div>
</div>
</blockquote>
<br>
You want to marry your smart card as a source of entropy to a DRBG
and reseed the DRBG from the smart card fairly often. See NIST
SP800-90A for the general form for a DRBG.<br>
<br>
Alternately, you can use multiple sources of entropy - a smart card,
a TPM, one of the TRNGs from above and use them to seed the DRBG.
That way you're not dependent on any of these being "trusted".
Simplest way to do this is XOR the N streams of TRNG data together
to provide the seed and reseed data. Oh yeah - most modern Intel
motherboards and processors support the RDRAND and RDSEED
instructions and there is software to expose those for use.
(<a class="moz-txt-link-freetext" href="https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide">https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide</a>)<br>
<br>
As long as your TRNG can keep up with the reseed schedule, you can
get a *lot* of bits out of the DRBG.<br>
<br>
WRT the smart card, my guess is there is a TRNG backing a DRBG of
some sort. <br>
<br>
I wouldn't trust a generic PKCS11 driver to do what you want.<br>
<br>
Mike<br>
<br>
<br>
<br>
<blockquote
cite="mid:CANQLNWtLx89b3qbK_q5z7tSgKm9TzERWq5LoU_ZeMw2r1XBOkQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>Also I am not sure that the data returned by
C_GenerateRandom() always comes from the smart
card. It depends on the PKCS#11 library you use.<br>
</div>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Yes, you're right. Thanks for the warning. In order to
be sure I would need the source code of the PKCS#11
library, right?</div>
<div><br>
</div>
<div>So by the content of your answer, I presume this hasn't
been tested/considered yet? (assuming the data comes
genuinely from the internal generator of the card).</div>
<div><br>
</div>
<div>Cheers<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<p><br>
</p>
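<p>The scheme described in the reply above (XOR several entropy sources into a seed, feed an SP 800-90A DRBG, reseed on a schedule), as an added sketch that is not code from this thread or from pcsc-lite. The names <code>xor_sources</code> and <code>HmacDrbg</code> are hypothetical, the DRBG is HMAC_DRBG with SHA-256 without additional input, and <code>os.urandom</code> is only a stand-in for real sources such as a card, a TPM or RDSEED.</p>

```python
import hashlib
import hmac
import os
from functools import reduce
from operator import xor

def xor_sources(chunks):
    """XOR equal-length outputs of N sources; sound only if they are independent."""
    if not chunks or len({len(c) for c in chunks}) != 1:
        raise ValueError("need one or more chunks of identical length")
    return bytes(reduce(xor, column) for column in zip(*chunks))

class HmacDrbg:
    """HMAC_DRBG (SHA-256) after SP 800-90A, reseeded from XOR-combined sources."""
    def __init__(self, sources, seed_len=48, reseed_interval=1024):
        self.sources = sources                  # callables: n -> n bytes of entropy
        self.seed_len, self.reseed_interval = seed_len, reseed_interval
        self.K, self.V = bytes(32), b"\x01" * 32
        self.reseed()                           # instantiate = first update with seed

    def _mac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        for sep in (b"\x00", b"\x01"):          # second round only when data is given
            self.K = self._mac(self.V + sep + data)
            self.V = self._mac(self.V)
            if not data:
                break

    def reseed(self):
        seed = xor_sources([src(self.seed_len) for src in self.sources])
        self._update(seed)
        self.counter = 1

    def generate(self, n):
        if self.counter > self.reseed_interval: # the sources must keep up with this
            self.reseed()
        out = b""
        while n > len(out):
            self.V = self._mac(self.V)
            out += self.V
        self._update()
        self.counter += 1
        return out[:n]

if __name__ == "__main__":
    # Assumption: os.urandom stands in for three separate hardware sources.
    drbg = HmacDrbg([os.urandom, os.urandom, os.urandom], reseed_interval=4)
    print(drbg.generate(32).hex())
```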
</body>
</html>