Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
ESV and Me!
As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …
Entropy Validation in FIPS 140-3 (ENT vs ESV)
To get an entropy source approved under FIPS 140-3 there are two options: ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022) ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT) This …
Gathering Raw Unconditioned Entropy in a Live Linux System
As part of our continued product development efforts supporting assurance modernization, the Lightship team sometimes develop useful experimental tools or proofs of concepts. A while ago we developed a proof of concept to extract raw unconditioned entropy from a live …
Quantitative Analysis of Entropy
[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated this post to reflect the new published status of this NIST SP as well as to correct any differences between rev2 and the final publication.] …
Code for NIST Entropy Health Testing
[Jan 12, 2018 update: With the final release of NIST SP 800-90B, we’ve updated the sample health test code to match the minor changes between rev2 and the final version. The narrative of this post with respect to requirements for …