FIA_SOS.2 TSF generation of secrets
This component allows the TSF to generate secrets for specific functions such as authentication by means of passwords.
User application notes
When a pseudo-random number generator is used in a secret generation algorithm, it should take as input random data that gives its output a high degree of unpredictability. This random data (seed) can be derived from a number of available parameters such as a system clock, system registers, date, time, etc. The parameters should be selected so that the number of unique seeds that can be generated from these inputs is at least equal to the minimum number of secrets that must be generated.
Operations
Assignment:
In FIA_SOS.2.1, the PP/ST author should provide a defined quality metric. The quality metric specification can be as simple as a description of the quality checks to be performed or as formal as a reference to a government-published standard that defines the quality metrics that secrets must meet. Examples of quality metrics could include a description of the alphanumeric structure of acceptable secrets and/or the space size that acceptable secrets must meet.
In FIA_SOS.2.2, the PP/ST author should provide a list of TSF functions for which the TSF-generated secrets must be used. An example of such a function could include a password-based authentication mechanism.
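The seed-count condition from the user application notes and a quality metric of the kind assigned in FIA_SOS.2.1 can be checked in code. The following is an added example, not part of the original text: the metric (12 characters from A-Z, a-z, 0-9 with at least one letter and one digit, and a space of at least 2^64), the seed parameter names and all function names are assumptions chosen for illustration, and the generator draws from the operating system CSPRNG through Python's secrets module.

```python
import math
import secrets
import string

# Assumed quality metric (illustrative stand-in for the FIA_SOS.2.1 assignment):
# 12 characters from [A-Za-z0-9], at least one letter and one digit,
# and a space of acceptable secrets of at least 2**64.
ALPHABET = string.ascii_letters + string.digits
LENGTH = 12
MIN_SPACE_BITS = 64


def seed_space(cardinalities):
    """Unique seeds obtainable from the seed parameters, given the number of
    distinct values each can take (assumes the parameters are independent)."""
    return math.prod(cardinalities.values())


def seed_space_sufficient(cardinalities, min_secrets):
    """The application note's minimum bar: unique seeds >= secrets to generate.
    This counts seeds only; it does not measure how guessable they are."""
    return seed_space(cardinalities) >= min_secrets


def acceptable_space():
    """Exact count of secrets that satisfy the metric: all strings minus the
    letter-only and digit-only ones."""
    return len(ALPHABET) ** LENGTH - 52 ** LENGTH - 10 ** LENGTH


def meets_metric(secret):
    """Quality check on one candidate: length, alphabet and structure."""
    return (len(secret) == LENGTH
            and all(c in ALPHABET for c in secret)
            and any(c in string.digits for c in secret)
            and any(c in string.ascii_letters for c in secret))


def generate_secret():
    """Draw from the OS CSPRNG and reject candidates that fail the metric, so
    accepted secrets stay uniform over the acceptable space."""
    if math.log2(acceptable_space()) < MIN_SPACE_BITS:
        raise ValueError("quality metric does not reach the required space size")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        if meets_metric(candidate):
            return candidate
```

A seed built only from the second of the day (86,400 values) fails seed_space_sufficient for one million secrets, while millisecond-of-day combined with a 16-bit register passes the count.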