Cryptographic Testing
Entropy Source Assessment
Consult our experts. We are happy to support you.
What atsec offers:
atsec US offers entropy source assessment specified by the SP800-90 series of documents through its accredited Cryptographic Security Testing (CST) laboratory (NVLAP Lab Code #200658-0). The assessment consists of two parts and will lead to an ESV certificate listing on the NIST website:
- Analysis of the design and operation of the noise source, as well as other aspects of the noise source (conditioning components, health tests, IID assumptions, etc.), that need to be documented and reviewed.
- Cryptographic modules that implement an entropy source need to be compliant with Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation”. This involves the statistical testing of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts.
Authoritative websites:
More information:
Why our services are important to you:
The CMVP requires that all FIPS 140-3 module validation submissions include documented conformance to SP 800-90B when it is applicable. SP 800-90B, along with corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.
Downloads:
Further information for your certification journey.
The following entropy source implementations are the latest of the 57 that were tested by atsec’s laboratory:
Vendor / Implementation | Certificate / Date |
---|---|
Chainguard, Inc. Chainguard CPU Time Jitter RNG Entropy Source |
E191 2024-09-11 |
Advanced Micro Devices (AMD) AMD TRNG Entropy Source for RDSEED |
E183 2024-09-03 |
Apple Inc. Apple corecrypto non-physical entropy source |
E181 2024-08-22 |
SUSE LLC SUSE OpenSSL CPU Time Jitter RNG Entropy Source |
E177 2024-08-18 |
Red Hat, Inc. RHEL 8 Userspace CPU Time Jitter RNG Entropy Source |
E175 2024-08-14 |
Red Hat, Inc. RHEL 8 Kernel CPU Time Jitter RNG Entropy Source |
E174 2024-08-14 |
Advanced Micro Devices (AMD) AMD TRNG Entropy Source |
E173 2024-08-14 |
Nokia 7×50 Jitter Entropy |
E170 2024-08-12 |
Rambus Inc. EIP130 TRNG Entropy Source |
E167 2024-08-07 |
Microsoft Corporation M1244265 Entropy Source |
E166 2024-08-06 |
Analog Devices, Inc. TRNG B2 Entropy Source |
E159 2024-07-12 |
Still have questions?
Can’t find what you’re looking for? Let’s talk!
FIPS 140-3 Testing
FIPS 140-3 specifies requirements related to securely designing and implementing cryptographic modules, and compliance is increasingly mandatory worldwide.
Cryptographic Algorithm Testing
Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
Common Criteria Evaluation
The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
atsec’s Yi Mao Interviewed on the TopCyberPro Podcast
Written by Evan Barnett Dr. Yi Mao, CEO of atsec information security US, recently joined host Jim West on the TopCyberPro podcast to discuss the Common Criteria and FIPS standards. They went into the fundamentals and history of each standard before diving into the impacts and implications of…
-
atsec Presenting at the 2024 PCI Community Meeting
Written by Yan Liu atsec will participate in the PCI (Payment Card Industry) Security Standards Council 2024 Asia-Pacific Community Meeting held in Hanoi, Vietnam, on the 20th and 21st of November and will host a booth, as we have in previous years. atsec’s principal consultants Yan Liu and…
-
Exciting Milestone: First atsec Cybersecurity Certificates Issued for Common Criteria
Written by Rasma Mozuraite Araby We are thrilled to announce that atsec’s Certification Body (CB) officially issued its first cybersecurity certificates for Common Criteria. This achievement represents atsec’s readiness for the upcoming European Cybersecurity Certification Scheme (EUCC), positioning our Certification Body at the forefront of cybersecurity compliance in…