New Whitewood Release Enhances Random Number Accessibility for Crypto Security
|Stuart Parkerson in Security Thursday, March 3, 2016|
Whitewood has released netRandom, a new suite of products for creating high-quality, true random numbers that are accessed across the traditional datacenter, cloud, mobile and embedded systems.
The new product addresses a potential weakness in today’s crypto-security systems by giving enterprise security teams, cloud/hosting providers and security product vendors the opportunity to move beyond the current ad-hoc methods of generating random numbers.
According to the recent announcement by the Whitewood team, “Random number generation, a fundamental process that underlies every cryptographic application in use today, is typically performed by deterministic software processes within the operating system. These otherwise predictable outputs are randomized by capturing noise or other unpredictable events from the local environment. However, the degree to which these sources of randomness are truly unpredictable and random varies enormously and is notoriously difficult to measure.”
They continued, “With the widespread adoption of virtualization, migration to cloud computing, as well as the potential for the Internet of Things (IoT), the challenge of capturing enough high-quality randomness to generate sufficient true random numbers becomes more severe. This creates many potential points of attack and breaches.”
The new netRandom solution provides the ability to expand existing random number services across a wide variety of platforms and applications, making random numbers a broadly available resource to distributed applications.
Whitewood’s netRandom product consists of two components: the netRandom Client and the netRandom Server. Applications or IoT devices can use the netRandom Client to request secure delivery of true random numbers over the network from a shared and central netRandom Server. Random numbers are securely delivered to the Client where they can be used directly via the netRandom API or fed into the local operating system entropy pool where they enable frequent and high-quality reseeding to radically improve the quality of existing random service calls.
The netRandom Client can also request random numbers over the network and feed them as true random seeds into the local operating system entropy pool. This approach helps to ensure that existing random number services such as Linux dev/urandom and dev/random deliver the high quality random numbers without the risk of blocking.
The netRandom system offers:
-Access to high-quality random numbers across an entire application infrastructure.
- Establishes an in-house random number service capability to supply internal and external requirements.
- Provides secure network delivery, protecting against eavesdropping and manipulation.
- Enables applications to use existing operating system services such as dev/urandom and dev/random with confidence.
- Removes dependency on hardware platforms and local environment for entropy generation.
- Incorporates the Whitewood Entropy Engine, a quantum-powered random number generator (QRNG) as a core component of the netRandom Server.
Read more: http://www.whitewoodencryption.com/products/net-ra...