Professional Documents
Culture Documents
Wolfrand Qualified Entropy Source
Wolfrand Qualified Entropy Source
wolfRand Description
A: wolfRand is a FIPS module that includes a hardware entropy source used for seeding material to
a FIPS approved SP800-90A DRBG. The wolfRand DRBG may perform key generation directly or it
may be used to create seeding material for another DRBG. The entropy rationale for wolfRand has
been reviewed by the CMVP during the FIPS validation process.
A: Common Criteria evaluations require entropy rationale. FIPS 140-2 validations require entropy
rationale when the source of entropy is within the cryptographic boundary. FedRAMP reviews are
expected to evaluate entropy in greater detail as additional experience is gained by the auditors.
wolfRand, as a qualified entropy source, eliminates or simplifies the entropy rationale effort. If you
will be asked to provide an entropy rationale in the future, then a qualified entropy source will make
your life better.
Q: Will the wolfRand FIPS 140-2 certificate have one of the following caveats?
•The module generates cryptographic keys whose strengths are modified by available entropy.
A: Most FIPS software modules rely on an entropy source external to the module (for example,
/dev/random or /dev/urandom). wolfRand includes the hardware entropy source as part of the
module. This eliminates the problem of understanding the strength of external entropy sources. The
wolfRand FIPS module will not require either of the caveats above.
A: wolfRand has been tested on Linux 4.4 (Ubuntu 16.04 LTS) with an Intel® Core™ i5-5300U
CPU. Additional configurations may be added to the wolfRand FIPS certificate based on demand
and the suitability of the hardware entropy source.
Q: When will the wolfRand FIPS certificate be posted on the NIST website?
wolfssl.com
github.com/wolfssl
Copyright © 2024 wolfSSL Inc. All Rights Reserved
2/2