NIST’s Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation” (SP800-90B) lays out the testing requirements for random bit generators. According to Implementation Guidance 7.18, compliance to SP800-90B will be mandatory for FIPS 140-2 validations starting November 8th 2020.
Our colleague Stephan Mueller recently published an updated, SP800-90B compliant version of his Jitter RNG suite for Linux to give our customers a head-start to achieve compliance before the transition date. While the SP800-90B compliance of the Jitter RNG was reviewed by NIST, official approval is only given when the Jitter RNG is used as part of an actual FIPS 140-2 validation.
In his documentation (Section 7.4) he explains the steps a user has to follow to claim SP800-90B compliance using the Jitter RNG, thus removing the need for them to prepare their own SP800-90B analysis.
Stephan Mueller made the Jitter RNG suite available for the public:
The code for the CPU Jitter RNG can be downloaded here:
https://github.com/smuellerDD/jitterentropy-rngd
https://github.com/smuellerDD/jitterentropy-library
The documentation can be downloaded here:
http://www.chronox.de/jent/CPU-Jitter-NPTRNG.pdf
The associated tests can be downloaded here:
http://www.chronox.de/jent/index.html
Stephan Mueller publishes SP800-90B compliant Linux implementation of CPU Jitter RNG
·