Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions, Tony Apted, CCTL Technical Director, Leidos
Entropy is a measure of the disorder, randomeness or uncertainty in a closed system. Entropy underpins cryptography, and if it's bad, things can go wrong. Entropy sources should have a noise source, post processing and conditioning.
There is a new component in the latest draft of SP 800-90B that is discussing post processing. there are regular health tests, so any problems can be caught quickly.
There are 3 approved methods for post-processing: Von Neumann's method, Linear filtering method, Length of runs method.
The labs have to justify how they arrived at their entropy estimates. There should be a detailed logical diagram to illustrate all of the components, sources and mechanisms that constitute an entropy source. Also do statistical analysis.
When examining ISO 19790, their clauses on entropy seemed to line up with FIPS 140-2 IG's - so if you meet CMVP requirements, you should be ready for ISO 19790 (for entropy assesment).
Common Criteria has it's own entropy requirements in the protection profiles. The Network Device PP, released in 2010, defined an extensive requirement for RNG and entropy. You have to have a hardware based noise source, minimum 128 bits of entropy and 256 bits of equivalent strength.
The update in 2012 allowed software and/or hardware entropy sources. It was derived from SP 800-90B, so very similar requirements.
Entropy documentation has to be reviewed and approved before the evaluation can formally commence.
Some vendors are having trouble documenting thrid party sources, especially hardware. Lots of misuse of Intel's RDRAND.
This One's For The Girls - *(ATTENTION MOMS: this post may be mildly inappropriate for young children.) * Alright ladies, it's OUR turn. That's right: it's time to turn the tab...