Predictability is the enemy
Attackers don’t crack encryption — they steal or guess keys. Poor sources of entropy mean keys are less than perfectly random, turning strong encryption into something less. Building confidence starts at the source – entropy is the foundation of trust.
Entropy is a scarce resource that is taken for granted.
But, as reserves run low, predictability creeps in. High-capacity datacenters are entropy deserts, and demand can outstrip supply as applications compete for random data. Ensuring an adequate supply of entropy should never be left to chance.
Entropy is born in the physical world. All devices are different.
User interaction, hardware features and software tools are an ever-changing mix. Securing mobile, consumer and IoT environments cries out for consistency as points of weakness create points of attack. Normalizing access to entropy across distributed systems is key to managing risk.
The Whitewood Entropy Engine™ solves the problem of entropy generation. It provides random data in a convenient PCIe card form factor. At its core is a patent-pending quantum entropy source that exploits the immutable laws of quantum mechanics to create true unpredictability. Capable of delivering 200Mbps, the Entropy Engine can satisfy the demands of even the highest-performance cryptosystems.
The Whitewood Entropy Server is deployed to deliver truly random data on demand to applications and devices. Incorporating the quantum-powered Entropy Engine, the Entropy Server ensures a consistent supply of entropy to distributed systems where the quality of local random number generators is unknown or in question, such as in virtualized environments, mobile devices, web browsers and IoT deployments.
The Heartbleed vulnerability highlighted the prolific use of OpenSSL and its role in securing data goes well beyond setting up internet connections. OpenSSL is thirsty for entropy, particularly when enabled for Perfect Forward Secrecy. The Whitewood Entropy Client for OpenSSL is an open source tool that enables entropy consumption to be managed and dramatically improved.
Critical systems require critical infrastructure and entropy management is a vital component. Web servers, PKI, data-at-rest encryption, tokenization and core business applications rely on sound cryptography. As enterprises adopt virtualization technologies, deploy private clouds, and push trusted operations to the edge of their networks, it becomes time to take control of entropy.
Hosting and Cloud Providers
In the race to add value, retain customers and grow revenue, entropy management can become a powerful asset. Delivering Entropy-as-a-Service to tenants as a premium service complements other security-related capabilities. Attracting security-critical applications away from the traditional corporate datacenter is a compelling opportunity for all service providers, and entropy services can play a central role in convincing customers that it’s safe to make the move.
Security Solution Providers
Trust is a core differentiator for security providers. Products ranging from data protection to digital rights management, mobile authentication to PKI, and bitcoin to gaming, all rely on cryptography to do their job safely. Relying on poor sources of entropy on phones, in browsers or in the cloud, compromise a product’s integrity and risks a vendor’s reputation. Harnessing the power of quantum-based entropy can help solution providers stand out in the market.
Let Whitewood Help You Take Control