Pseudo-random number device driver
The pseudo-random number device driver provides user-space applications with pseudo-random numbers generated by the CP Assist for Cryptographic Function (CPACF).
The PRNG device driver supports the Deterministic Random Bit Generator (DRBG) requirements that are defined in NIST Special Publication 800-90/90A. The device driver uses the SHA-512 based DRBG mechanism.
To use the SHA-512 based DRBG, the device driver requires version 5 of the Message Security Assist (MSA), which is available as of the zEC12 and zBC12 with the latest firmware level. During initialization of the prng kernel module the device driver checks for the prerequisite.
If the prerequisites for the SHA-512 based DRBG are not
fulfilled, the device driver uses the Triple Data Encryption Standard (TDES)
algorithm instead. In TDES mode, the PRNG device driver uses a DRBG in compliance with ANSI X9.17
based on the TDES cipher algorithm. You can force the fallback to TDES mode by using the
mode=
module parameter.
Terminology hint: Various abbreviations are commonly used for Triple Data Encryption Standard, for example: TDES, triple DES, 3DES, and TDEA.
User-space programs access the pseudo-random-number device through a device node, /dev/prandom. SUSE Linux Enterprise Server 12 SP4 provides udev to create it for you.