> Hello, > > I have some questions regarding table '6b - Conditional Tests' of the > 2.0.7 Security Policy. > > It is mentioned that there are continuous tests for stuck fault. Is > the meaning of 'continuous' a the matter of frequency ? Or are these > continuous tests ran each time an algorithm is used ? > The CRNGT test is described in section 4.9.2 of FIPS 140-2. It is continuous in that it is applied to all the output of the RNG. The spec is absolutely not clear on what you do with a failure, nor is it an effective stuck at fault test. It is not present in the ISO equivalent spec, nor was it present in the drafts of the (now defunct) 140-3 draft. It is a data modifying test and has interest mathematical properties that raise concerns that it is something other than a stuck-at test.
