[Cryptech Tech] Randomness testing in FIDO

Joachim Strömbergson joachim at secworks.se
Tue Jan 13 08:13:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

We talked about the need for actually getting down and dirty w respect
to information about randomness testing. What methods and standards are
available, what tools are available, what to use when and how to
interpret the results etc.

I noted that the FIDO alliance in the UAF Auth Commands spec [1] points
to a document I haven't seen before.

http://www.jscoron.fr/publications/universal.pdf

I'm surprised they've pointed to this specific document, not least since
I can't find a readily available implementation which makes it harder
for anybody implementing the FIDO standard to test the compliance of the
standard requirements.


[1]
http://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-authnr-cmds-v1.0-ps-20141208.pdf

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUtNO/AAoJEF3cfFQkIuyNQ1AQAJu4tVNrOpUZLEtd5NNsxfUu
0r+zWsoKgAbILPveZcXqW64xTUWtQ/dJkZ/cPd1owHJD8WUyfBdzAGVSK7qTi/ly
v+1q0fTZk0R2tQOQuLOq4U0roPJLVY+E4YUPb51iDEheJFLAs5AVK1p29Oa7efZ5
R6dnH88+NDzPCZLTeAwo+9H3by4cszLPl5NF5d9crVIgPytz1j49Iv+QT9hfeTVp
ZO15N5n8V9H9BgNnk4Rd1Pgu46zVAD9dlLF5DWqbIZtt+0bB1DmhmiXa6uKdWoPi
o1pxmmuGjeYqThUWxvWTfE9VbhkabdsKiTuJlWK/MihOHmwvacmpCNO7kscntZn5
nFfON2DuC8exSK+LXogbZjVZP/OhMF/z6do2RgdwQjJkxOQlVzMJukxemCzxdrZl
EA5+pZs1uAiU7lHCvPFT4DKBKv3v1C3h+qExeXHA3Yx7zeQCT45vnjquJIJcf3So
VN2yj2ZmkhIqpyeVIbukIh3v4qeGK3ZtgdoR4EgTOICz8b93ukV3bXgFFgVF5yW+
JoC+XE0/R6p0M0AnoawVjCG476z+954T/wgjTdKxEZzso51+NVgaA9TLLlz89ED+
dLpSLzdVDDUjRSzYO/5T9kxnwpnUHQ1YnJX+npaZPSxICp5hiNSBBLSnf1El7jEH
U0OdzajnYtsiHssWOz4t
=zdH8
-----END PGP SIGNATURE-----


More information about the Tech mailing list