Cryptographic Testing

Entropy Source Assessment

Consult our experts. We are happy to support you.

Contact Us

What atsec offers:

atsec US offers entropy source assessment specified by the SP800-90 series of documents through its accredited Cryptographic Security Testing (CST) laboratory (NVLAP Lab Code #200658-0). The assessment consists of two parts and will lead to an ESV certificate listing on the NIST website:

  • Analysis of the design and operation of the noise source, as well as other aspects of the noise source (conditioning components, health tests, IID assumptions, etc.), need to be documented and reviewed.
  • Cryptographic modules that implement an entropy source need to be compliant with Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation”. This involves the statistical testing of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts.

Authoritative websites:

NIST ESV Program

More information:

NIST List of ESV Certificates (Search)

atsec’s List of Cryptographic Module Certificates

Why our services are important to you:

The CMVP requires that all FIPS 140-3 module validation submissions include documented conformance to SP 800-90B when it is applicable. SP 800-90B, along with corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.

Downloads:

Further information for your certification journey.

SP800-90B Document

SP800-90B Assessment Tool

ESV Request for Information

The following entropy source implementations are the latest of the 47 that were tested by atsec’s laboratory:

Vendor / Implementation Certificate / Date
Analog Devices, Inc.
TRNG B2 Entropy Source		 E159
2024-07-12
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R) Pseudo Random Number Generator
(Snapdragon(R) 7 Gen 1)		 E155
2024-07-02
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R) Pseudo Random Number Generator
(Snapdragon(R) 6 Gen 1)		 E154
2024-07-02
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R) Pseudo Random Number Generator		 E153
2024-07-02
Qualcomm Technologies, Inc.
Entropy Source of the Qualcomm(R) Pseudo Random Number Generator		 E152
2024-07-02
Oracle Corporation
Oracle Linux 9 Kernel CPU Time Jitter RNG Entropy Source		 E151
2024-07-02
IBM Corporation
IBM Power10 RNG (with conditioning)		 E150
2024-06-28
Cloudlinux Inc., Tuxcare Division
Userspace CPU Time Jitter
RNG Entropy Source		 E127
2024-03-04
IBM Corporation
IBM Power10 RNG		 E120
2024-02-20
Laird Connectivity
Summit CPU Time Jitter RNG Entropy Source		 E119
2024-02-12
see all

Still have questions?

Can’t find what you’re looking for? Let’s talk!

Contact Us →

FIPS 140-3 Testing

FIPS 140-3 specifies requirements related to securely designing and implementing cryptographic modules, and compliance is increasingly mandatory worldwide.

Learn More

Cryptographic Algorithm Testing

Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.

Learn More

Common Criteria Evaluation

The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products.

Learn More

The Information Security Provider

Read Our Latest Blog Articles

Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.