Product Selection Guide
True (Hardware) Random Number Generator Certification
Certification applied to true random number generators means getting a letter or “certification” from an independent testing laboratory stating they have analyzed and tested a particular generator model and user application program, and in their opinion the combined hardware/software system operated as expected. The certification means the system design appears to be sound and performs in a way consistent with expected statistical results. This gives the company a basis to say their system is “fair, unbiased and unpredictable.”
There is no standard (or certification) for stand-alone non-deterministic (hardware or "true") random number generators in the USA. Here and in other countries certifications are given for systems including a TRNG used for a specific purpose such as an online gaming system. It is the responsibility of the user of the true random generator and software system to obtain this type of certification as each application or system is different and only the user has control of their own software. Companies that obtain these certifications and testing laboratories that grant them do not share copies of the certificates, either for security reasons, copyright or because the testing firms charge money to provide the certifications. ComScire's true random generators used with customers' applications have been certified several times by well-known testing laboratories throughout the world.
There is no FIPS approved non-deterministic (true) random number generator. The purpose of FIPS 140-2 is to coordinate the requirements and standards for cryptography modules that include both hardware and software components. As such, stand-alone generators like our PQ4000KU and PQ32MU true random number generators, do not fall within the FIPS specified standards. Therefore, no FIPS "approval" would be available.
Internal Testing and Quality Assurance
ComScire Pure Quantum™ random generators are guaranteed to pass any properly designed test for randomness. Four randomly selected Model PQ4000KU generators were directly tested to more than 1 terabit of continuous output data without any indication of statistical defect, and the Model PQ32MU was cumulatively tested to more than 67 terabits. All Model PQ4000KU generators are tested to at least 100 Gbits, and Model PQ32MU generators to at least 1 Tbit at the time of manufacture as part of our QA program. Our testing procedures are more stringent than any other manufacturers'. We have been selling online, world-wide for over 18 years the longest of any hardware TRNG company, and we hold 5 issued patents (others pending) covering true random number generation and methods.
NIST DRAFT Special Publication 800-90B, Recommendation for the Entropy sources Used for Random Bit Generation and NIST DRAFT Special Publication 800-90C, Recommendation for Random Bit Generator (RBG) Constructions, describe the latest recommendations for entropy source requirements, construction, reliability, testing and security for non-deterministic random bit generators. ComScire Models PQ4000KU and PQ32MU are designed to be fully compliant with these recommendations. Full entropy random output is provided with no data conditioning required.
Internal Certification Letters and Testing Results
ComScire (The Quantum World Corporation) supplies the following letters describing the operation
The following documents summarize representative test results for each model of hardware generator:
if use on computers containing classified information is required:
USB EEPROM Sanitizing Program:
The Sanitizing Program confirms the small EEPROM used to configure serial numbers and product-specific
QngEepromSha1Check.exe (Windows XP SP3/2003/Vista/2008/7/8)