NIST’s Draft PUB on Entropy and RNG

Last month NIST released a draft publication on sources of entropy and randomness in protecting sensitive data. The draft, “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors gauge whether their sources of random numbers are indeed unpredictable.

NIST states that “Random numbers are a crucial element in cryptography, which is often used to protect private messages by encrypting them into a form that cannot be understood without knowledge of a secret value generated using the random number.

Creating the randomness needed requires the use of an entropy source, which includes a natural source of entropy, often a physical phenomenon such as thermal noise—the random motions of particles due to their temperature. Entropy sources that comply with SP 800-90B are intended to provide assurance that cryptographic algorithms provide the security needed to protect information.”

Recently, CMVP began to sunset FIPS-validated products that were using out-of-date Random Number Generators (RNGs). Learn more about archiving here. In addition to archiving outdated RNG products, all validations that have not been maintained within the last 5 years will be sunset. Read more about the sunsetting process here. These actions and NIST’s release of the draft publication imply that entropy and the security of data are, and will continue to be, at the center of discussion for both organizations.

Stay up to date on NIST’s and CMVP’s updates on entropy, RNG, sunsetting, and FIPS validation requirements with Corsec.