Entropy Source Validation Testing

What atsec offers

The CMVP requires that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance to SP 800-90B if applicable. SP 800-90B, along with FIPS 140-2 Implementation Guidance (IG) documents 7.18, 7.19, and 7.20 and corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.

This involves statistical analysis of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts. The design and operation of the noise source needs to be documented and reviewed.

atsec offers ESV testing as an accredited laboratory (NVLAP Lab code #200658).

The following entropy source implementations were tested by the atsec laboratory:

Vendor
Implementation
Certificate
Date
Oracle Corporation
Kernel CPU Time Jitter
RNG Entropy Source
 E37
2023-04-03
SUSE LLC
Libgcrypt CPU Time Jitter RNG
 E31
2023-03-30
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(32-bit with external timer)
 E30
2023-03-30
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(64-bit with external timer)
 E29
2023-03-22
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(64-bit with internal timer)
 E28
2023-03-22
Nokia
Nokia Jitter Entropy (JENT)
 E26
2023-03-21
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(32-bit with internal timer)
 E22
2023-03-08
SUSE LLC
Kernel-RT CPU Time Jitter RNG
 E20
2023-02-13
SUSE LLC
Kernel CPU Time Jitter RNG
 E19
2023-01-25
F5, Inc.
CPU Jitter RNG
 E16
2023-01-25
Apple Inc.
Apple corecrypto v11.1 non-physical entropy source
 E15
2023-01-19
Apple Inc.
Apple corecrypto v11.1 physical entropy source
 E14
2023-01-19
IBM
IBM Capri ASIC Entropy Source
 E9
2022-12-16
Red Hat, Inc.
Kernel CPU Time Jitter RNG Entropy Source
 E8
2022-12-02