Solving 800-90 Entropy Requirements in Software
23
Solving the Challenge of New Entropy Standards Ray Potter ICMC November 20, 2014
-
Upload
ray-potter -
Category
Technology
-
view
57 -
download
0
Transcript of Solving 800-90 Entropy Requirements in Software
Solving the Challenge of New Entropy Standards
Ray Potter
ICMC
November 20 2014
Flow
bull Quick recap of entropy and its purpose
bull Standards reviewbull Our work
Entropy
bull Average amount of information contained in data stream
bull A measure of uncertainty unpredictability
Practical Entropy
S a f L og i c
Ru l s
Entropy in the Real World
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Flow
bull Quick recap of entropy and its purpose
bull Standards reviewbull Our work
Entropy
bull Average amount of information contained in data stream
bull A measure of uncertainty unpredictability
Practical Entropy
S a f L og i c
Ru l s
Entropy in the Real World
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy
bull Average amount of information contained in data stream
bull A measure of uncertainty unpredictability
Practical Entropy
S a f L og i c
Ru l s
Entropy in the Real World
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Practical Entropy
S a f L og i c
Ru l s
Entropy in the Real World
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy in the Real World
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy in Crypto
bull Provide random bitsbull Challenges in authentication
protocolsbull Seeds for algorithmsbull Use to seed DRBG
bull Value is unpredictable output
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Issues
bull Truly random data difficult impossible to generate on a computer
bull How to measure it
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy Quantified
bull log2 (max p(xi)) bull minus1113090 P(X = x)log P(X = x)
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
NIST 800 Series
bull SP 800-90B requirements for entropy source
bull SP 800-90A deterministic algorithms bull SP 800-90C implement an RBG with -
90A and -90B components
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Effect to FIPS 140
bull Current Requirement
ldquoCompromising the security of the key generation method (eg guessing the seed value to initialize the deterministic RNG) shall require as least as many operations as determining the value of the generated keyrdquo
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Draft IG
bull First socialized last yearbull Entropy estimation mandatory forhellip
software modules which include entropy gathering mechanisms that are within the logical boundary of the module
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy Gathered within SW Module Logical Boundary
bull CMTL needs to submit entropy rationale
bull If DRBG is reseeded frequently the vendor shall make a reasonable heuristic claim of independence of the added entropy values
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Entropy Gathered Outside the SW Module Logical
Boundarybull Entropy estimate should be in SP
1Entropy originates from another validated module
2Entropy originates from the operational environment
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
ChaosControl
bull Cryptographically secure DRBG
bull Available for mobile and desktop server environments
bull Compliant to 800-90 and draft FIPS 140 IG
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Logical View of Entropy Sources for iOS Platform
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Words from Whit
bull The right way to use tests in random number generation is to look for failure of the particular mechanism
bull Test each source independently (for stuck faults and other things that can be detected by correlation) and shut down if fewer than some threshold pass the test
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Checks Performed
bull Entropy estimates for each source is recorded with that source
bull Exception reinitialize if not enough entropy
bull CRNGT (CREGT)
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Initial Seeding
bull Ensures sufficient entropy before allowing clients to request random bytes
bull Checks for suitable amount of entropy before initialization
bull Seed file is persisted to disk
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
More about Tests
bull Heuristic bull log2 (max p(xi)) min-entropy from
800-90bbull Statistical Tests from 800-90bbull Full test suite documented by NIST
SP800-22rev1a
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Results from 800-22rev1a
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Statistical Analysis Results
Compression Bins CollisionOutput Space Size = 256Minimum Possible Score 0000000Maximum Possible Score 7183666Filename outbinTest name compressionOutput Space Size 256Number of samples 58321Number of events 57321Mean score 7139077Adjusted mean score 7126542Standard deviation 1818899Entropy type min-entropyEntropy estimate 4936194Entropyoutputdimension estimate 0617024
Output Space Size = 256Warning Shannon entropy estimate = 797Filename outbinTest name binsOutput Space Size 256Number of samples 58321Number of events 58321Mean score 0006927Adjusted mean score 0015471Standard deviation 0000000Entropy type min-entropyEntropy estimate 6014244Entropyoutputdimension estimate 0751781
Output Space Size = 256Minimum Possible Score 2000000Maximum Possible Score 20726106Filename outbinTest name collisionOutput Space Size 256Number of samples 58313Number of events 2803Mean score 20803782Adjusted mean score 20493429Standard deviation 9956489Entropy type min-entropyEntropy estimate 6103266Entropyoutputdimension estimate 0762908
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Hey Guess Whathellip
bull ChaosControl is included with CryptoComply
bull ChaosControl is (nearly) patented
bull SafeLogic is offering it standalone at NO COST license until the end of Q1CY2015
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
Letrsquos Connect
bull SafeLogic
bull SafeLogic_Ray
bull wwwSafeLogiccom
- Solving the Challenge of New Entropy Standards
- Flow
- Entropy
- Practical Entropy
- Entropy in the Real World
- Entropy in Crypto
- Issues
- Entropy Quantified
- NIST 800 Series
- Effect to FIPS 140
- Draft IG
- Entropy Gathered within SW Module Logical Boundary
- Entropy Gathered Outside the SW Module Logical Boundary
- ChaosControl
- Logical View of Entropy Sources for iOS Platform
- Words from Whit
- Checks Performed
- Initial Seeding
- More about Tests
- Results from 800-22rev1a
- Statistical Analysis Results
- Hey Guess Whathellip
- Letrsquos Connect
-
