Almost all cryptographic methods require strong random numbers. If attackers can predict the numbers the random number generator will provide sufficiently well, they can find the keys that are used relatively easily.

To avoid every cryptographic application from having to implement procedures for producing random numbers, BS2000 provides a central random number generator. The BS2000 random number generator PRNGD (Pseudo Random Number Generator Daemon) is implemented as a pseudo random number generator. This prevents blocking and thus offers no openings for “Denial of Services (DoS)” attacks.

To improve access to data of the operating system kernel, the BS2000 PRNGD is implemented as a TPR subsystem. This is a major advantage in comparison with application -specific random number generators that do not run in TPR. In addition, this also ensures that the PRNGD is better protected against access by potential attackers. The user interface is implemented via an SVC.

The entropy sources, configuration and user interface of the BS2000 PRNGD are described below.