- CSRC Home
- About CSD
- Projects / Research
- news & events
November 21, 2014: NIST requests your comments on the latest revision of NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, which is dated November 2014. This document specifies Deterministic Random Bit Generators based on approved hash functions (as specified in FIPS 180-4), HMAC (as specified in FIPS 198-1) and block ciphers (as specified in FIPS 197 for AES, and SP 800-67 for TDEA). This revision removes the previously approved Dual_EC_DRBG that was based on the use of elliptic curves and includes a number of other changes that are listed in the final appendix of the document. Please submit comments to firstname.lastname@example.org with "SP 800-90A comments" in the subject line by December 31, 2014.
Generally-speaking, there are two types of random number generators (RNGs):
Currently, there exists several Approved DRBGs, and no Approved NRBGs.
FIPS 186-2, Digital Signature Standard (DSS), defines two deterministic techniques for generating numbers. See Appendices 3.1 and 3.2 and Change Notice #1 of FIPS 186-2. Note: FIPS 186-2 has been superceded by FIPS 186-3 and 186-4. The archived copy of FIPS 186-2 is available to reference the DRBGs contained therein.
ANSI X9.31 Appendix A.2.4 specifies a technique for generating pseudorandom numbers. This is the same technique (using DES) that was specified in Appendix C of ANSI X9.17.
ANSI X9.62-1998 Annex A.4 specifies an additional algorithm derived from FIPS 186.
SP 800-90A (revision 1), Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions, block cipher algorithms or number theoretic problems.
There are no Approved NRBGs.Back to Top
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).Back to Top
SP 800-22 provides a set of statistical tests for testing and evaluating deterministic and non-deterministic random number generators.
NIST has published an ITL Bulletin that summarizes SP 800-22.Back to Top
NIST maintains a general web page on Random Number Generation and Testing that contains links to documentation and code.Back to Top
A workshop on random number generation was held from July 19-22, 2004 at NIST. The following information is available for interested parties:
The permission to post the draft of X9.82 has expired; therefore, it is no longer available on this website. Comments received can be viewed here. Additional comments on the ANSI X9.82 and comments in general may be sent to email@example.com or John.Kelsey@nist.gov.