Random Number Generators
Secure cryptographic mechanisms and protocols require good random numbers. Therefore, random number generators used in cryptographic products need to provide random and unpredictable data.
For this purpose the BSI defined guidelines for the evaluation and certification of random number generators in the mathematical/technical reference A proposal for: Functionality classes for random number generators - Version 2.0 (September 18, 2011) and ( A proposal for: Functionality classes for random number generators - Version 3.0), which form the cryptographic basis for AIS 20 and AIS 31 (AIS documents).
The creation of version 3.0 was accompanied by a commenting phase of a draft (
A proposal for: Functionality classes for random number generators - Version 2.35 - Draft) and a workshop (More information).
Furthermore, various BSI studies examine and evaluate individual random number generators:
BSI study: Documentation und Analysis of the Linux pseudo-random number generator
For several years now, the BSI continuously examined the random number generator (RNG for short) /dev/random for each newly released version of Linux. This enables the BSI to make security statements about this RNG, but also about cryptographic systems that use this RNG to generate key material. The main aspect of the investigation is to prove that the Linux RNG is compliant with a certain functionality class.
BSI study: Random number generation in virtualized environments
With the increasing use of virtual machines, especially in cloud-based solutions, the question arises whether random numbers of sufficient quality can be provided here as well. A study by the BSI therefore investigated how virtualization influences the entropy of the noise sources feeding the random number generators and what can be done to ensure that the virtual machines (VM) are supplied with sufficient random numbers. As an example, the Linux open-source random number generator was investigated in virtual machines running on different virtual-machine monitors (VMM) such as KVM, VirtualBox, Microsoft Hyper-V, and VMWare ESXi.