U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NISTIR 8427 (Draft)

Discussion on the Full Entropy Assumption of the SP 800 90 Series

Date Published: September 7, 2022
Comments Due: October 31, 2022
Email Comments to: rbg_comments@nist.gov


Darryl Buller (NSA), Aaron Kaufer (NSA), Allen Roginsky (NIST), Meltem Sönmez Turan (NIST)


The NIST SP 800-90 series supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. The NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, the SP 800-90 series assumes that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2-32. NIST IR 8427 provides a justification for the selection of ε.



entropy; min-entropy; random number generation
Control Families

None selected


NISTIR 8427 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
SP 800-90C (Draft)

Document History:
09/07/22: NISTIR 8427 (Draft)


Security and Privacy
random number generation