0Pricing
Cryptology Academy · Lesson

NIST SP 800-90A: DRBG Standards

Understand the NIST DRBG framework — instantiation, reseeding, prediction resistance, and security strengths.

Why Deterministic RBGs Are Needed

Cryptographic operations need high-quality random numbers: key generation, nonces, IVs, salts, and session tokens. True random number generators (TRNGs) harvest entropy from physical sources (hardware noise, interrupts, thermal noise) but are slow and not always available — especially in virtual machines or early boot. Deterministic Random Bit Generators (DRBGs) solve this: seed a DRBG with a small amount of true entropy and use a cryptographic algorithm to stretch it into a large stream of pseudorandom bits that are computationally indistinguishable from true random. NIST SP 800-90A defines three approved DRBG mechanisms used in virtually all modern cryptographic implementations.

DRBG Lifecycle: Instantiate, Generate, Reseed

A DRBG operates through three fundamental operations. Instantiate: initialize the DRBG internal state using entropy_input (from an entropy source), a nonce (a one-time value ensuring uniqueness), and optionally a personalization_string (application-specific context). Generate: produce the requested number of pseudorandom bits and update internal state to prevent backtracking. Reseed: inject fresh entropy into the DRBG state to provide prediction resistance — after reseeding, even an adversary who knew the previous state cannot predict future outputs. NIST specifies maximum generate intervals (reseed_interval): 2^48 requests before mandatory reseeding for all three DRBG types.

All lessons in this course

  1. NIST SP 800-90A: DRBG Standards
  2. Hash-DRBG, HMAC-DRBG, and CTR-DRBG Internals
  3. The Dual EC DRBG Backdoor Incident
  4. Testing and Validating RNG Implementations
← Back to Cryptology Academy