Entropy

Entropy generation and utilization is a critical element of cryptographic security. If the randomness providing a systems key generation process cannot be assured then the cryptographic keys themselves cannot be trusted. Penumbra performs a detailed analysis and conformance testing of entropy designs to ensure that Non-Deterministic Random Number Generators meet the minimum NIST standards for random number generation.

Presently, NIST has two different options for certifying entropy sources: entropy sources can be certified as "allowed" algorithms under IG 7.15, or as "approved" algorithms under SP 800-90B. Penumbra can assist you in determining your certification options. Regardless of your path to certification, and regardless of the quality of your entropy source, Penumbra can advise you in how to leverage your module's randomness to ensure the security of your other algorithms.

SP 800-90B has a number of requirements on the vendor, including the implementation of health tests, models of the noise source's behavior, and estimates of the noise source's entropy rate. Penumbra can provide consulting services to help you better understand your entropy source and prepare for 90B certification.

We Look Forward To Hearing From You.