Whitewood launched netRandom Free, a cloud-based entropy service
Security applications and infrastructure, and particularly those that utilize encryption and other forms of cryptography, need access to high quantities of truly random numbers for generating keys that are impossible to predict. Yet more and more applications run in environments that struggle to collect sufficient entropy to ensure true randomness. netRandom Free addresses the threat of entropy starvation by delivering on-demand, quantum entropy from a cloud-based server over standard IP networks. The received entropy is used to continuously re-seed existing random number generators within Linux- and Windows-based instances and devices.
netRandom Free is designed to act as a background network-based utility to supplement, not replace, existing entropy sources. With it, security professionals can be confident that applications have access to true random numbers consistently across distributed environments even when they have little or no control over the hardware platform and physical environments that traditionally act as the sources of entropy.
“Poor access to entropy and weakened random number generation has been highlighted by the SANS Institute as one of the 7 most dangerous attacks for 2017. Weak random number generation poses a unique threat since it is essentially undetectable. As with any undetectable vulnerability, we are forced to rely on prevention rather than monitoring and alerts – we need to take proactive rather than reactive measures,” said Richard Moulds, General Manager of Whitewood. “netRandom provides a simple enhancement that helps inoculate servers and virtual machines from generating poor random numbers and therefore weak encryption keys, without requiring changes to applications. Quantum entropy is the only true source of randomness and with our new netRandom Free service, we can now make that available to individuals and organizations of any size.”
Today, virtually all random numbers are generated within the operating system. The problem is that software can’t generate true random numbers. Software-based systems are deterministic and rely on capturing random signals or data from the physical world to act as randomizing ‘seeds’. Because of this requirement, random number generation is traditionally considered to be a local issue. Individual computers capture entropy as best they can, create random numbers, and provide them to local applications. But that model is now changing.
The already widespread and growing use of cryptography raises the bar for randomness, and these current ‘best-effort’ approaches to random number generation are no longer sufficient. The trend towards virtualization and distributed IT environments abstracts our applications from the natural world and the entropy within it. In the virtual world of headless systems running on shared hardware with dynamic replication, there can be little or no real entropy. This makes it virtually impossible to attest to the quality of key generation and system security without the ability to supplement that entropy supply from a trusted source.
At the heart of the netRandom Free service is the Whitewood Entropy Engine™, our award-winning quantum random number generator and entropy source that was jointly developed with the quantum security team at Los Alamos National Laboratory. This same technology is also available for deployment as dedicated on-premise systems for establishing private entropy services for corporate and government data centers, IoT networks and other distributed applications where direct control is of the utmost importance.
Whitewood® is addressing one of the most fundamental challenges associated with modern cryptosystems – random number generation and entropy distribution. Whitewood’s products exploit quantum mechanics to meet demand for high-quality entropy used for random number and key generation at scale. Building upon a base of quantum cryptography capabilities developed over the course of the past two decades at Los Alamos National Laboratory, Whitewood addresses operational vulnerabilities in encryption and crypto applications across the datacenter, cloud and in mobile and embedded systems.