WHY ARE RANDOM NUMBERS SO CRITICAL?

Random numbers provide the security foundation for all crypto applications – and today, crypto is everywhere. Encryption, certificates and digital signatures are at the forefront of protecting data at rest, data in motion and data in use. Whether generating keys, initializing processes or just mixing things up, randomness is what separates the bad guys from the things you care about.

It’s tempting to take random numbers for granted but that would be a mistake. Every hardware platform, every operating system and every application generates, handles and consumes random numbers differently. That creates a problem. Security should be consistent.

It’s time to take control. When random numbers stop being truly random even your encrypted data is at risk.

wordcloud

It starts with entropy

Quality

Quality

Predictability is the enemy
of cryptography.

Randomness is hard to measure – the difference between good and bad is entropy. Poor sources of entropy mean keys are less than perfectly random, turning strong encryption into something less. Building confidence starts at the source – entropy is the foundation of trust.

Quantity

Availability

Entropy is a natural resource
– cherish it.

Like any scare resource, reserves of entropy can run low, and predictability creeps in. Reliably capturing entropy from the physical world is a challenge and demand can outstrip supply. Applications are hungry for random data and maintaining entropy should never be left to chance.

Consistency

Consistency

Security should be a science,
not an art.

Users, their devices, their applications – it’s an ever-changing mix. Yet securing mobile apps, consumer browsers and IoT environments cries out for uniformity. Points of weakness create points of attack. Normalizing access to entropy across distributed systems is key to managing risk.

Whitewood Takes the Uncertainty Out of Entropy

Quantum Random Number Generator

The Whitewood Entropy Engine™ solves the problem of entropy generation. At its core is a patent-pending quantum entropy source that exploits the immutable laws of quantum mechanics that is sampled to create true random numbers. Provided as a convenient PCIe card form factor and capable of delivering 200Mbps of random data, the Entropy Engine can satisfy the demands of even the highest-performance cryptosystems.

Networked Random Numbers

The Whitewood Entropy Server is deployed to deliver truly random numbers on-demand to distributed applications and connected devices. Incorporating the quantum-powered Entropy Engine, the Entropy Server ensures a consistent and reliable supply of high quality seed value to systems where the performance of local entropy sources is unknown or in question, such as in virtualized environments, mobile devices, web browsers and IoT deployments.

Entropy Management for OpenSSL

The Heartbleed vulnerability highlighted the prolific use of OpenSSL in web servers around the world and as a crypto library across the enterprise. OpenSSL is thirsty for random numbers, particularly when enabled for Perfect Forward Secrecy. The Whitewood Entropy Client for OpenSSL is an open source tool that enables the use of random numbers to be managed and dramatically improved.

How Whitewood Can Help You Harness the Power of Great Random Numbers

Enterprise Infrastructure

Critical systems require rigorous protection. Core business applications and security infrastructure rely on sound cryptography. As enterprises adopt virtualization technologies, deploy private clouds, and push trusted operations to the edge of their networks, it becomes time to take control of key management. High quality random number generation becomes critical and establishing a centralized service capability can be a cost effective approach.

Hosting and Cloud Providers

In the race to add value, retain customers and grow revenue, a high performance random number capability can become a powerful service asset. Delivering random seeds and data to tenant applications as a premium service complements other security-related capabilities. Attracting security-critical applications away from the traditional corporate datacenter is a compelling opportunity for all service providers.

Security Solution Providers

Trust is a core differentiator for security solution providers. Products ranging from data protection to digital rights management, mobile authentication to PKI, and bitcoin to gaming, all rely on cryptography to do their job safely. Relying on poor sources of entropy and random numbers on phones, in browsers or in the cloud, compromises a product’s integrity and risks a vendor’s reputation. Harnessing the power of quantum-based entropy can help solution providers stand out in the market.

Let Whitewood Help You Take Control