Payment Card Industry 3-D Secure (PCI 3DS)

T.3.2.5 The tester shall examine vendor materials and other evidence to determine any requirements for the developer integrating the 3DS SDK to ensure that the random numbers are sufficiently random. The tester shall confirm that there is clear and sufficient guidance outlining these requirements made available to stakeholders in accordance with Requirement 5.1, “Availability of Stakeholder Guidance.”
Guidance:
Random numbers are used in numerous software applications, including cryptography, to protect sensitive information. Encryption keys, initialization values (seeds), and 3DS SDK transaction IDs are examples of random numbers used in the 3DS SDK. It is not a trivial endeavor to design and implement a secure random number generator. 3DS SDK Vendors are required to use only approved random number generation algorithms and libraries, or provide evidence to illustrate how the random number generation algorithms and libraries were tested to confirm that random numbers generated are sufficiently unpredictable. The implementation may rely on either a validated cryptographic library or module (for example, Validated FIPS 140-2 Cryptographic Modules). The Vendor should have a good understanding of the installation, initialization, configuration and usage⎯for example, initial seeding of the random function⎯of the RNG mechanisms to ensure that the implementation can meet the effective security strength required for the intended use. The calls to these libraries should also be protected from being hooked.

Random values have entropy that meets the minimum effective security strength requirements of the cryptographic primitives and keys that rely on them.
Assessment Procedures:
T.3.3.1 The tester shall examine vendor materials and other evidence, including source code, and the results of testing performed in Requirement 3.2, “Random Number Generator(s),” to determine how the RNG within the 3DS SDK is implemented and how the entropy for the RNG is generated.

T.3.3.2 Where the 3DS SDK relies upon an RNG that has been approved under the NIST Cryptographic Algorithm Validation Program (CAVP), the tester shall confirm from the approval and/or security policy of the RNG, whether the RNG requires the initial entropy to be seeded externally.
T.3.3.3 Where the 3DS SDK is required to generate entropy through use of its own RNG or a RNG that requires external seeding, the tester shall confirm that there is sufficient entropy generated⎯e.g., through confirmation that the entropy generation involves inputs that cannot be predicted within the domain of the random values produced by the RNG.

T.3.3.4 The tester shall confirm that the RNG is seeded with a random value of at least 256 bits for use during all operations.

T.3.3.5 The tester shall obtain at least two sets of 64MB of random data from each of the RNG implementations used in the system, generated during separate installs and initial executions on the same device. This data may be supplied directly by the vendor, but the tester must detail the method used to generate this data, and justify why this sufficiently replicates the way in which the RNG will be used by the system after two similar installations. The tester shall combine the two sets of data and pass this 128MB of data through the NIST STS test program, and detail the results, indicating pass and fail results and how these demonstrate compliance to this requirement. In some situations, it is necessary to repeat such tests using additionally obtained data to confirm final results.
Guidance:
Note that a non-deterministic random number generator (NDRG) may produce an output string that contains less entropy than implied by the length of the output. A deterministic random number generator (DRNG) is dependent on the entropy of its seed value. Vendors are encouraged to use as many sources of seed material as possible to ensure random number values are sufficiently random.