Entropy Source Validation Testing

What atsec offers

The CMVP requires that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance to SP 800-90B if applicable. SP 800-90B, along with FIPS 140-2 Implementation Guidance (IG) documents 7.18, 7.19, and 7.20 and corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.

This involves statistical analysis of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts. The design and operation of the noise source needs to be documented and reviewed.

atsec offers ESV testing as an accredited laboratory (NVLAP Lab code #200658).

Please also see our list of FIPS 140-2 an FIPS 140-3.

The following 36 entropy source implementations were tested by the atsec laboratory:

Vendor
Implementation
Certificate
Date
Nuvoton Technology Corporation
Nuvoton NTCES02
 E114
2024-02-01
Apple Inc.
Apple SEP TRNG entropy source
 E113
2024-02-01
Amazon Web Services, Inc.
Amazon Kernel CPU Time Jitter
RNG Entropy Source
 E105
2023-12-07
Rambus Inc.
EIP130 TRNG Entropy Source
 E102
2023-11-30
Oracle Corporation
Oracle Userspace CPU Time Jitter
RNG Entropy Source
 E99
2023-11-30
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R)
Pseudo Random Number Generator
 E95
2023-11-14
Nuvoton Technology Corporation
Nuvoton NTCES01
 E94
2023-10-24
IBM Corporation
Entropy Source for the
IBM DataPower FIPS Provider
 E91
2023-10-12
Oracle Corporation
Oracle OpenSSL CPU Time Jitter
RNG Entropy Source
 E90
2023-10-12
F5, Inc.
CPU Jitter RNG
 E85
2023-10-09
Samsung Electronics Co.,Ltd.
Samsung TRNG
 E81
2023-09-29
Amazon Web Services, Inc.
AWS-LC CPU Time Jitter RNG
Entropy Source
 E77
2023-09-14
Cloudlinux Inc., TuxCare division
OpenSSL FIPS provider CPU Time Jitter
RNG Entropy Source
 E76
2023-09-08
Cloudlinux Inc., TuxCare division
Kernel CPU Time Jitter
RNG Entropy Source
 E75
2023-09-08
F5, Inc.
CPU Jitter RNG
 E74
2023-09-07
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R)
Pseudo Random Number Generator
 E67
2023-09-01
Canonical Ltd.
Canonical OpenSSL FIPS Provider
CPU Time Jitter Entropy Source
 E62
2023-08-08
Oracle Corporation
UEK7 CPU Time Jitter RNG Entropy Source
 E61
2023-08-08
Canonical Ltd.
Userspace CPU Time Jitter RNG Entropy Source
 E60
2023-08-08
Canonical Ltd.
Canonical Kernel CPU Time Jitter Entropy Source
 E59
2023-08-08
Intel Corporation
Intel DRNG Entropy Source
 E57
2023-07-21
Red Hat, Inc.
RHEL Kernel CPU Time Jitter
RNG Entropy Source
 E54
2023-06-20
Juniper Networks, Inc.
Kernel CPU Time Jitter RNG
 E50
2023-06-02
Red Hat, Inc.
RHEL OpenSSL FIPS provider
CPU Time Jitter Entropy source
 E48
2023-05-16
Red Hat, Inc.
Userspace CPU Time Jitter
RNG Entropy Source
 E47
2023-05-16
Oracle Corporation
Kernel CPU Time Jitter
RNG Entropy Source
 E37
2023-04-03
SUSE LLC
Libgcrypt CPU Time Jitter RNG
 E31
2023-03-30
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(32-bit with external timer)
 E30
2023-03-30
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(64-bit with external timer)
 E29
2023-03-22
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(64-bit with internal timer)
 E28
2023-03-22
Nokia
Nokia Jitter Entropy (JENT)
 E26
2023-03-21
SUSE LLC
Userspace Standalone CPU Time Jitter RNG
(32-bit with internal timer)
 E22
2023-03-08
SUSE LLC
Kernel-RT CPU Time Jitter RNG
 E20
2023-02-13
SUSE LLC
Kernel CPU Time Jitter RNG
 E19
2023-01-25
F5, Inc.
CPU Jitter RNG
 E16
2023-01-25
Apple Inc.
Apple corecrypto v11.1 non-physical entropy source
 E15
2023-01-19
Apple Inc.
Apple corecrypto v11.1 physical entropy source
 E14
2023-01-19
IBM
IBM Capri ASIC Entropy Source
 E9
2022-12-16
Red Hat, Inc.
Kernel CPU Time Jitter RNG Entropy Source
 E8
2022-12-02