[Pcsclite-muscle] max length of randomLen for C_GenerateRandom
Florent
fdeybach
Thu Apr 20 08:15:50 PDT 2017
Thanks for your answer Ludovic.
> I suggest you to use a hardware dedicated to random number generation.
>
Yes, this is of course the main option I have in mind.
My question remains theoretical in the event we don't trust any of the TRNG
vendors (
https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
).
I may have more confidence in a certified card, like the JCOP 2.4.1r3 which
has been evaluated according to the AIS 31 of the BSI.
> A smart card may be too slow for you.
>
Yes, I am aware of that. But certified TRNG are also very slow (75 kbps for
the Quantis AIS31 for example).
Let's just say that the time is not a issue for me :)
> Also I am not sure that the data returned by C_GenerateRandom() always
> comes from the smart card. It depends on the PKCS#11 library you use.
>
Yes, you're right. Thanks for the warning. In order to be sure I would need
the source code of the PKCS#11 library, right?
So by the content of your answer, I presume this hasn't been
tested/considered yet? (assuming the data comes genuinely from the internal
generator of the card).
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20170420/82f54b3e/attachment.html>
More information about the pcsclite-muscle
mailing list