Below you'll find a list of all posts that have been categorized as “Entropy”
Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …
To get an entropy source approved under FIPS 140-3 there are two options: ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022) ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT) This …
First time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …
For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …
The claimed entropy source for a FIPS 140 validated module now requires compliance to NIST SP800-90B. This means that any cryptographic module going through FIPS 140-2 or FIPS 140-3 validation needs to adhere to NIST implementation guidance 7.18 – Entropy …
As part of our continued product development efforts supporting assurance modernization, the Lightship team sometimes develop useful experimental tools or proofs of concepts. A while ago we developed a proof of concept to extract raw unconditioned entropy from a live …
[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated this post to reflect the new published status of this NIST SP as well as to correct any differences between rev2 and the final publication.] …
[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated the sample health test code to match the minor changes between rev2 and the final version. The narrative of this post with respect to requirements for …
