Search

GlobalSCAPE Knowledge Base

Where cryptography is employed, what randomness source is used?

Karla Marsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, all versions

QUESTION

Where cryptography is employed, what randomness source is used?

ANSWER

For SSL and related cryptography, we use the OpenSSL random number generator (technically, a pseudo-random number generator, or PRNG) which is based upon a seeded cryptographic hash function. This is documented here: https://www.openssl.org/docs/crypto/rand.html.

Our random number generation is FIPS compliant when operating in FIPS mode. The same random number generation technique is used in non-FIPS mode, it simply is the library implementation without the certification.

For SSH (SFTP) communications, the Crypto++ library is used, with its PNRG (which is also FIPS compliant and, when operated in the proper mode, FIPS certified).

Details
Last Modified: 3 Years Ago
Last Modified By: kmarsh
Type: FAQ
Rated 1 star based on 3 votes.
Article has been viewed 20K times.
Options
Also In This Category
Tags