The crypto drbg disable command is used to turn off the system to use the hash-based deterministic random number generator (HASH_DRBG) to generate random numbers.
The undo crypto drbg disable command enables the HASH_DRBG function.
By default, the HASH_DRBG function is enabled.
Usage Scenario
Random numbers are widely used in security scenarios. By default, the system uses the HASH_DRBG function to generate random numbers. The random numbers comply with the NIST SP 800-90A standard and are of high security. However, in comparison with X9.31 standard-compliant random numbers, NIST SP 800-90A standard-compliant random numbers deteriorate device performance. To improve device performance, run the crypto drbg disable command to disable the HASH_DRBG function and enable the system to generate random numbers in compliance with the X9.31 standard. Because X9.31 standard-compliant random numbers are not as secure as NIST SP 800-90A standard-compliant ones, exercise caution when running this command.
Precautions
In VS mode, this command is supported only by the admin VS.