Category Archive

Below you'll find a list of all posts that have been categorized as “Entropy”

Entropy in OpenSSL 3.0

Greg McLearn January 23, 2023Common Criteria, Entropy, FIPS 140-3

Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …

ESV and Me!

James Ramage October 10, 2022Entropy, FIPS 140-3

As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …

Entropy Validation in FIPS 140-3 (ENT vs ESV)

Ryan Thomas June 6, 2022Entropy, FIPS 140-3

To get an entropy source approved under FIPS 140-3 there are two options: ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022) ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT) This …

Beyond the testing: FIPS 140-3 documentation inputs

Grace Grundy and Jason Cunningham May 26, 2021Entropy, FIPS 140-2, FIPS 140-3

First time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …

NIST 800-90B Input Data Considerations

Greg McLearn March 8, 2021Certifications, Common Criteria, Entropy, FIPS 140-2, Tools

For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …

NIST 800-90B Concepts

James Ramage February 16, 2021Entropy, FIPS 140-2, FIPS 140-3

The claimed entropy source for a FIPS 140 validated module now requires compliance to NIST SP800-90B. This means that any cryptographic module going through FIPS 140-2 or FIPS 140-3 validation needs to adhere to NIST implementation guidance 7.18 – Entropy …

Gathering Raw Unconditioned Entropy in a Live Linux System

Greg McLearn January 12, 2018Entropy, Tools

As part of our continued product development efforts supporting assurance modernization, the Lightship team sometimes develop useful experimental tools or proofs of concepts. A while ago we developed a proof of concept to extract raw unconditioned entropy from a live …

Quantitative Analysis of Entropy

Greg McLearn December 11, 2017Entropy

[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated this post to reflect the new published status of this NIST SP as well as to correct any differences between rev2 and the final publication.] …

Code for NIST Entropy Health Testing

Greg McLearn December 4, 2017Entropy, Tools

[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated the sample health test code to match the minor changes between rev2 and the final version. The narrative of this post with respect to requirements for …