[Pcsclite-muscle] max length of randomLen for C_GenerateRandom

Florent fdeybach at gmail.com
Thu Apr 20 15:15:50 UTC 2017


Thanks for your answer Ludovic.


> I suggest you use hardware dedicated to random number generation.
>

Yes, this is of course the main option I have in mind.
My question remains theoretical in the event we don't trust any of the TRNG
vendors
(https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators).
I may have more confidence in a certified card, like the JCOP 2.4.1r3 which
has been evaluated according to the AIS 31 of the BSI.


> A smart card may be too slow for you.
>

Yes, I am aware of that. But certified TRNGs are also very slow (75 kbps for
the Quantis AIS31 for example).
Let's just say that the time is not an issue for me :)


> Also I am not sure that the data returned by C_GenerateRandom() always
> comes from the smart card. It depends on the PKCS#11 library you use.
>

Yes, you're right. Thanks for the warning. In order to be sure I would need
the source code of the PKCS#11 library, right?

So by the content of your answer, I presume this hasn't been
tested/considered yet? (assuming the data comes genuinely from the internal
generator of the card).

Cheers