Comments on NIST Standards for Random Number Testing (C21a)
Random numbers are essential for cryptographic applications. In FIPS 140-2, entropy assessment is a critical part of cryptographic key management. NIST SP800-22 and current draft NIST SP 800-90B are strongly recommended as informative guidance for the entropy assessment. In this talk, we analyze these two commonly used certifications for assessing random number generators. Especially, we introduce some defects that we found in NIST SP 800-22 and the draft SP 800-90B. We believe that these comments are helpful in improving these standards and cryptographic module testing methods.