Ed Jaffe wrote: >IBM Z was recently enhanced with a true random source in CPACF. >For all the many decades before that, all "random" numbers on the >mainframe were actually pseudo-random...
The IBM Crypto Express features have had TRNGs aboard for many years (and still do). This is a fairly complex topic if you get into the details, and TRNGs are not my speciality. However, my understanding is that if you have a Crypto Express domain configured to a LPAR (in CCA mode I believe) then it automatically contributes to entropy for seeding. Having a TRNG (a.k.a. NDRNG) on chip with CPACF means you get an entropy boost even without a Crypto Express domain. You should still get Crypto Express features, assuming you can get them in your country. They're more important than ever. Paul Gilmartin wrote: >The latter suggests that a pseudo RNG is periodically reseeded >by the TRNG Yes, that's right. CPACF on the IBM z14 and LinuxONE II models, and higher, have this feature. If you try to use the TRNG for every random number request it's really slow, but fortunately that's not required to achieve the desired, certified outcome. Seeding is rather important, though, and that's why they're there. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN