NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Random Number Generation

April 21, 2014: NIST requests comments on a revision of NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This revision removes the Dual_EC_DRBG from the document. An announcement containing the rationale for the revision and a proposed transition schedule is available. Please send comments on the revision of SP 800-90A and the transition schedule to RBG_comments@nist.gov by May 23, 2014, with “Comments on SP 800-90A” in the subject line.


September 10, 2013: In light of recent reports, NIST is reopening the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C.  In addition, the Computer Security Division has released a supplemental ITL Security Bulletin titled "NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)" to support the draft revision effort.

Comments Received Draft SP 800-90 A Rev. 1, B and C (469 KB)

Comments received in 2006 in response to the original request for comments on SP 800-90.


Generally-speaking, there are two types of random number generators (RNGs):

  1. RNGs based on Deterministic Random Bit Generators (DRBGs), also known as Pseudorandom Number Generators, and
  2. RNGs based on Non-deterministic Random Bit Generators (NRBGs), also known as "True" Random Number Generators.

Approved Algorithms

Currently, there exists several Approved DRBGs, and no Approved NRBGs.

Deterministic Generators

FIPS 186-2, Digital Signature Standard (DSS), defines two deterministic techniques for generating numbers. See Appendices 3.1 and 3.2 and Change Notice #1 of FIPS 186-2. Note: FIPS 186-2 has been superceded by FIPS 186-3 and 186-4. The archived copy of FIPS 186-2 is available to reference the DRBGs contained therein.

ANSI X9.31 Appendix A.2.4 specifies a technique for generating pseudorandom numbers. This is the same technique (using DES) that was specified in Appendix C of ANSI X9.17.

ANSI X9.62-1998 Annex A.4 specifies an additional algorithm derived from FIPS 186.

SP 800-90A (revision 1), Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions, block cipher algorithms or number theoretic problems.

Non-Deterministic Generators

There are no Approved NRBGs.

Back to Top

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Back to Top

RNG Testing

NIST Special Publication 800-22rev1a, A Statistical Test Suite for Random and Pseudorandom Number Generators.

SP 800-22 provides a set of statistical tests for testing and evaluating deterministic and non-deterministic random number generators.

NIST has published an ITL Bulletin that summarizes SP 800-22.

Back to Top

Additional Information

NIST maintains a general web page on Random Number Generation and Testing that contains links to documentation and code.

Back to Top

RNG Workshop and Standards Development

A workshop on random number generation was held from July 19-22, 2004 at NIST. The following information is available for interested parties:

  1. Agenda
  2. RNG Development History
  3. RNG Standard Strategy
  4. X9.82, Part 1
  5. X9.82, Part 3
  6. Hash and Block Cipher-based DRBGs
  7. Number Theoretic DRBGs,
  8. X9.82, Part 2 (forthcoming)
  9. Entropy Sources
  10. Testing Issues with OS-based Entropy Sources
  11. Validation Testing and NIST Statistical Test Suite
  12. Block Cipher-based DRBGs

The permission to post the draft of X9.82 has expired; therefore, it is no longer available on this website. Comments received can be viewed here. Additional comments on the ANSI X9.82 and comments in general may be sent to ebarker@nist.gov or John.Kelsey@nist.gov.

Note: An algorithm or technique that is either specified in a FIPS or NIST Recommendation.