info@pensec.org
+1 (503) 850-4999
Home / Entropy

Entropy

Entropy generation and utilization is a critical element of cryptographic security. If the randomness providing a systems key generation process cannot be assured then the cryptographic keys themselves cannot be trusted. Penumbra performs a detailed analysis and conformance testing of entropy designs to ensure that Non-Deterministic Random Number Generators meet the minimum NIST standards for random number generation.

Presently, NIST has two different options for certifying entropy sources: entropy sources can be certified as "allowed" algorithms under IG 7.15, or as "approved" algorithms under SP 800-90B. Penumbra can assist you in determining your certification options. Regardless of your path to certification, and regardless of the quality of your entropy source, Penumbra can advise you in how to leverage your module's randomness to ensure the security of your other algorithms.

SP 800-90B has a number of requirements on the vendor, including the implementation of health tests, models of the noise source's behavior, and estimates of the noise source's entropy rate. Penumbra can provide consulting services to help you better understand your entropy source and prepare for 90B certification.

Recent Posts

Notices

10/07/22 - FIPS 140-3 IG (Release) 03/20/20 - SP 800-140 (Release) 7/23/19 - NIST SP 800-133 5/23/19 - NIST SP 800-57 Pt2 5/1/19 - FIPS 140-3 Signed 3/21/19 - NIST SP 800-131A 3/21/19 - NIST SP 800-56B

Events

ICEU Cybersecurity 2023 ICMC 2023

Links

CMVP CAVP MIPS List FIPS 140

We Look Forward To Hearing From You.

Enquire Now