Thanks Todd. Please confirm: A0 was the first release where a card was not required for /dev/random (but ICSF was required to be started). If so, how was it done in ICSF? Your note only mentions how it was done if you had a card.
On Wed, Jan 23, 2019 at 8:06 AM Todd Arnold <arno...@us.ibm.com> wrote:

> There have been several changes over the years to improve performance of
> random number generation, but the important thing is that the random
> numbers were always generated using secure methods. As Greg mentioned,
> ICSF started using the CEX long ago to get random numbers, which were
> generated in the secure CEX HSM. Later on, caching was added in ICSF to
> create a pool of random data so that the CEX card would not have to be
> called each time. After that, a new API was added to the CEX card to get a
> larger batch of random numbers in a single call, again to improve
> performance. Now, CPACF has been enhanced to make it even faster than it
> was using CEX. In all of these cases, the random numbers are generated
> using FIPS-approved methods. One thing that is very nice about ICSF is
> that it hides all of these lower-level changes from your application
> programs.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN