There have been several changes over the years to improve performance of random number generation, but the important thing is that the random numbers were always generated using secure methods. As Greg mentioned, ICSF started using the CEX long ago to get random numbers, which were generated in the secure CEX HSM. Later on, caching was added in ICSF to create a pool of random data so that the CEX card would not have to be called each time. After that, a new API was added to the CEX card to get a larger batch of random numbers in a single call, again to improve performance. Now, CPACF has been enhanced to make it even faster than it was using CEX. In all of these cases, the random numbers are generated using FIPS-approved methods. One thing that is very nice about ICSF is that it hides all of these lower-level changes from your application programs.
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
