Subject: Re: Hardware RNG support for EM64T systems
To: Brett Lymn <blymn@baesystems.com.au>
From: Sam Leffler <sam@errno.com>
List: tech-security
Date: 02/19/2006 19:48:37

Brett Lymn wrote:
> On Sun, Feb 19, 2006 at 09:44:13AM -0800, Sam Leffler wrote:
>> The thing about running a FIPS test is news to me :)
>>
> 
> Regardless, it would be a Good Idea (tm) to perform some of the FIPS
> tests to ensure the RNG hardware at least looks functional rather than
> accepting a continuous stream of 0's (or 1's) as being "random".  I
> don't mean do this continuously but from memory there are some startup
> tests defined by FIPS that are designed to detect malfunctioning
> RNG's.
> 

If you want a one-shot deal you can do it from an rc script or maybe
from cron.  My stuff interposed and allowed you to shut down the source
if it saw things failing.  You could configure how often it ran and what
tests had to pass etc. etc.  man rndtest(4) on FreeBSD.

	Sam
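
The kind of startup check discussed in this thread, as an added example that is not part of the original messages and is not the rndtest(4) code: three of the FIPS 140-2 statistical tests (monobit, poker, long run) applied to one 20,000-bit block. The thresholds are the FIPS 140-2 values, which the thread does not quote; the function names are hypothetical, the runs test is omitted, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIPS_BYTES 2500                 /* one 20,000-bit block */

/* Returns 1 if the block passes monobit, poker and long-run, else 0. */
int rng_block_ok(const uint8_t *buf)
{
    long ones = 0, f[16] = {0}, sum = 0;
    int run = 0, prev = -1;

    for (size_t i = 0; i < FIPS_BYTES; i++) {
        f[buf[i] >> 4]++;               /* poker: count each 4-bit value */
        f[buf[i] & 0x0f]++;
        for (int k = 7; k >= 0; k--) {
            int bit = (buf[i] >> k) & 1;
            ones += bit;                /* monobit: count one bits */
            run = (bit == prev) ? run + 1 : 1;
            prev = bit;
            if (run >= 26)              /* long run: 26+ identical bits */
                return 0;
        }
    }
    if (ones <= 9725 || ones >= 10275)  /* monobit bounds */
        return 0;
    for (int i = 0; i < 16; i++)
        sum += f[i] * f[i];
    double x = 16.0 * (double)sum / 5000.0 - 5000.0;
    return x > 2.16 && x < 46.17;       /* poker bounds */
}

/* Constructed input: every byte stuck at one value (a dead source). */
int check_stuck(uint8_t value)
{
    static uint8_t buf[FIPS_BYTES];
    memset(buf, value, sizeof buf);
    return rng_block_ok(buf);
}

/* Constructed input: xorshift32 output standing in for a healthy source. */
int check_sample(void)
{
    static uint8_t buf[FIPS_BYTES];
    uint32_t s = 2463534242u;
    for (size_t i = 0; i < FIPS_BYTES; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        buf[i] = (uint8_t)(s >> 16);
    }
    return rng_block_ok(buf);
}
```

A source stuck at 0x55 has exactly 10,000 one bits and no long runs, so it passes monobit and long run and is only rejected by the poker test.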