NIST, Computer Security Division, Computer Security Resource Center
Random Number Generation
Generally-speaking, there are two types of random number generators (RNGs):
- RNGs based on Deterministic Random Bit Generators (DRBGs), also known as Pseudorandom Number Generators, and
- RNGs based on Non-deterministic Random Bit Generators (NRBGs), also known as "True" Random Number Generators.
Approved Algorithms
Currently, there exists several Approved DRBGs, and no Approved NRBGs.
Deterministic Generators
FIPS 186-2, Digital Signature Standard (DSS), defines two deterministic techniques for generating numbers. See Appendices 3.1 and 3.2 and Change Notice #1 of FIPS 186-2. Note: FIPS 186-2 has been superceded by FIPS 186-3. The archived copy of FIPS 186-2 is available to reference the DRBGs contained therein.
ANSI X9.31 Appendix A.2.4 specifies a technique for generating pseudorandom numbers. This is the same technique (using DES) that was specified in Appendix C of ANSI X9.17.
ANSI X9.62-1998 Annex A.4 specifies an additional algorithm derived from FIPS 186.
NIST Special Publication (SP) 800-90, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised) , specifies four DRBGs and briefly discusses entropy sources and methods for creating an RNG from an entropy source and an Approved DRBG.
Non-Deterministic Generators
There are no Approved NRBGs.
Back to TopTesting Products
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopRNG Testing
SP 800-22 provides a set of statistical tests for testing and evaluating deterministic and non-deterministic random number generators.
NIST has published an ITL Bulletin that summarizes SP 800-22.
Back to TopAdditional Information
NIST maintains a general web page on Random Number Generation and Testing that contains links to documentation and code.
January 12, 2010: Draft Special Publication 800-131, Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes, is available for public comment. NIST Special Publication (SP) 800-57, Part 1 included a general approach for transitioning from one algorithm or key length to another. This Recommendation (SP 800-131) provides more specific guidance for transitions to stronger cryptographic keys and more robust algorithms. Public comments should be sent to CryptoTransitions@nist.gov by March 15, 2010. The authors of this document, Elaine Barker and Allen Roginsky, will be available for discussions at the RSA Conference in San Francisco on March 1-5.
Back to TopRNG Workshop and Standards Development
A workshop on random number generation was held from July 19-22, 2004 at NIST. The following information is available for interested parties:
- Agenda
- RNG Development History
- RNG Standard Strategy
- X9.82, Part 1
- X9.82, Part 3
- Hash and Block Cipher-based DRBGs
- Number Theoretic DRBGs,
- X9.82, Part 2 (forthcoming)
- Entropy Sources
- Testing Issues with OS-based Entropy Sources
- Validation Testing and NIST Statistical Test Suite
- Block Cipher-based DRBGs
The permission to post the draft of X9.82 has expired; therefore, it is no longer available on this website. Comments received can be viewed here. Additional comments on the ANSI X9.82 and comments in general may be sent to ebarker@nist.gov or John.Kelsey@nist.gov.