# Randomness and DRBGs (Entropy) One-sentence definition: High-quality entropy and deterministic random bit generators (DRBGs) underpin secure keys, nonces, and salts. ## Key Facts - Entropy sources: hardware noise, OS pools; DRBG expands to many bits. - Predictable RNGs lead to key/nonce reuse and breaks. - Use approved DRBGs, seed properly, and reseed periodically. - Per-session **unique nonces** critical for AEAD (e.g., GCM). - Collect entropy before first use (boot) to avoid weak keys. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Identify RNG weakness as root cause of crypto failure. **Mnemonic:** “Bad random = **broken** crypto.” ## Mini Scenario Q: System reused nonces in GCM—impact? A: Catastrophic integrity/confidentiality failure. ## Revision Checklist - Entropy vs DRBG. - Why nonce uniqueness matters. - One seeding best practice. ## Related [[Block Cipher Modes (ECB, CBC, CTR, GCM)]] · [[Key Stretching and Password Hashing (PBKDF2, bcrypt, scrypt, Argon2)]] · [[Cryptoperiods and Key Rotation]] · [[TLS Handshake Overview]] · [[Key Management Basics (Asset Security)]] · [[Domain 3 - Index]]