Entropy Source Validation Testing
What atsec offers
The CMVP requires that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance to SP 800-90B if applicable. SP 800-90B, along with FIPS 140-2 Implementation Guidance (IG) documents 7.18, 7.19, and 7.20 and corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.
This involves statistical analysis of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts. The design and operation of the noise source needs to be documented and reviewed.
atsec offers ESV testing as an accredited laboratory (NVLAP Lab code #200658).
The following entropy source implementations were tested by the atsec laboratory:
| Vendor Implementation |
Certificate Date |
|---|---|
| SUSE LLC Userspace Standalone CPU Time Jitter RNG (64-bit with external timer) |
E29 2023-03-22 |
| SUSE LLC Userspace Standalone CPU Time Jitter RNG (64-bit with internal timer) |
E28 2023-03-22 |
| Nokia Nokia Jitter Entropy (JENT) |
E26 2023-03-21 |
| SUSE LLC Userspace Standalone CPU Time Jitter RNG (32-bit with internal timer) |
E22 2023-03-08 |
| SUSE LLC Kernel-RT CPU Time Jitter RNG |
E20 2023-02-13 |
| SUSE LLC Kernel CPU Time Jitter RNG |
E19 2023-01-25 |
| F5, Inc. CPU Jitter RNG |
E16 2023-01-25 |
| Apple Inc. Apple corecrypto v11.1 non-physical entropy source |
E15 2023-01-19 |
| Apple Inc. Apple corecrypto v11.1 physical entropy source |
E14 2023-01-19 |
| IBM IBM Capri ASIC Entropy Source |
E9 2022-12-16 |
| Red Hat, Inc. Kernel CPU Time Jitter RNG Entropy Source |
E8 2022-12-02 |