Entropy is a measure of the amount of information contained within a data stream, and strong entropy (i.e., a high degree of unpredictability) is essential to the strength of system-generated cryptographic keys. Since software and computing systems are designed to be predictable, it's quite difficult to obtain statistically random values to use as seeds for key generation.
To comply with FIPS 140, keys should be generated with a deterministic random bit generator (DRBG), which is seeded with a value derived from the OS (i.e., via /dev/random). That seed value must be unpredictable input. The stronger the entropy, the stronger the output from the DRBG, and the stronger the key. What matters is making sure that the output from the DRBG is as unpredictable and strong as possible, and the only real way to do that is to feed it a true, very high level of entropy.
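
An added illustration of the point above (not SafeLogic or ChaosControl code), using a simplified HMAC_DRBG in the style of NIST SP 800-90A: because the DRBG is deterministic, the number of keys it can ever produce is bounded by the entropy in its seed, however long the seed looks. The names HmacDrbg, key_from_seed and distinct_keys, and the constructed weak seed source, are assumptions made for this example.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Simplified HMAC_DRBG (SHA-256) after NIST SP 800-90A: no reseed counter, no health tests."""

    def __init__(self, seed: bytes):
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix the provided data (the seed at instantiation) into the K/V state.
        self.k = self._hmac(self.k, self.v + b"\x00" + data)
        self.v = self._hmac(self.k, self.v)
        if data:
            self.k = self._hmac(self.k, self.v + b"\x01" + data)
            self.v = self._hmac(self.k, self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.k, self.v)
            out += self.v
        self._update()  # advance the state after each request
        return out[:n]


def key_from_seed(seed: bytes) -> bytes:
    """Derive a 256-bit key from a freshly instantiated DRBG."""
    return HmacDrbg(seed).generate(32)


def distinct_keys(entropy_bits: int) -> int:
    """Count the keys reachable when a 48-byte seed carries only entropy_bits of entropy."""
    # Constructed weak source: the seed is 48 bytes long but only the low bits vary.
    seeds = (i.to_bytes(48, "big") for i in range(2 ** entropy_bits))
    return len({key_from_seed(s) for s in seeds})


if __name__ == "__main__":
    print("keys reachable from an 8-bit seed:", distinct_keys(8))
    print("key from OS entropy:", key_from_seed(os.urandom(48)).hex())
```

Every key in the weak case is a full 256 bits and looks random on its own, yet only 256 of them can ever occur, which is why the entropy estimate of the seed source matters more than the output length.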
SafeLogic developed ChaosControl to bring statistically random entropy to software environments. Further, this patented solution:
Complies with NIST SP800-90
Includes the test suite from NIST SP800-22
Is available cross-platform
Conforms to draft FIPS 140 Implementation Guidance for entropy
Meets Common Criteria guidelines for entropy requirements
ChaosControl is available as an add-on to CryptoComply licenses.