On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> Sebastian Siewior <linux-crypto@xxxxxxxxxxxxxxxx> writes:
> >
> > Anything wrong with get_random_bytes()?
> > What's the advantage over get_random_bytes()?
>
> get_random_bytes() is not a _pseudo_ random number generator,
> it doesn't have a seed and you cannot get repeatable sequences
> out of it.
>
> random32.c is though, but currently it's not reseedable either.
> I needed a true reseedable prng a few times too so this
> would be useful, although I guess random32.c could have been
> fixed. But perhaps there's a need for a more cryptographically
> strong PRNG too.
>
> -Andi

I've not looked at random32.c specifically, but I wrote this module
specifically to be FIPS 140 compliant, which requires several things,
including, but not limited to, the use of the AES and DES3 ciphers. The
details of the requirements that I wrote it to are found in ANSI X9.31;
you can find it here:
http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf

Best
Neil
-- 
/****************************************************
 * Neil Horman <nhorman@xxxxxxxxxxxxx>
 * Software Engineer, Red Hat
 ****************************************************/
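The generator Neil describes, the ANSI X9.31 Appendix A.2.4 construction, written out as an added Go example to show the property Andi is asking for: it is seeded by a key, a vector V and a date/time vector DT, the same seed reproduces the same byte sequence, and a Reseed() restarts it, which get_random_bytes() cannot offer. This is not the kernel module under discussion nor any code from this thread; it is standalone example code. Assumptions made here: AES-128 is the block cipher (X9.31 also specifies Triple DES, which is why Neil mentions both), DT is advanced as a simple counter rather than a real clock, the seed bytes are made up, and the type and function names (X931, Reseed, Next, Stream, Repeatable) are mine. The check that an output block must never equal its predecessor is the FIPS 140-2 continuous random number generator test (section 4.9.2), which a FIPS-compliant implementation has to perform.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// X931 is an ANSI X9.31 Appendix A.2.4 generator instantiated with AES-128.
// Per output block: I = E_K(DT); R = E_K(I xor V); V = E_K(R xor I). DT is
// advanced as a counter here (an assumption; the spec calls it a date/time vector).
type X931 struct {
	block    cipher.Block
	v, dt    [16]byte // seed state: vector V and date/time vector DT
	last     [16]byte // previous output block, for the continuous test
	haveLast bool
}

// Reseed (re)keys the generator; key, v and dt must each be 16 bytes. The
// same seed restarts the same sequence, which get_random_bytes() cannot do.
func (g *X931) Reseed(key, v, dt []byte) error {
	if len(key) != 16 || len(v) != 16 || len(dt) != 16 {
		return errors.New("x931: key, V and DT must each be 16 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	g.block, g.haveLast = block, false
	copy(g.v[:], v)
	copy(g.dt[:], dt)
	return nil
}

func xor16(dst, a, b *[16]byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// Next returns one 16-byte output block and advances V and DT.
func (g *X931) Next() ([16]byte, error) {
	var i, r, t [16]byte
	g.block.Encrypt(i[:], g.dt[:]) // I = E_K(DT)
	xor16(&t, &i, &g.v)
	g.block.Encrypt(r[:], t[:]) // R = E_K(I xor V)
	xor16(&t, &r, &i)
	g.block.Encrypt(g.v[:], t[:]) // V = E_K(R xor I)
	for k := 15; k >= 0; k-- { // DT as a big-endian counter
		if g.dt[k]++; g.dt[k] != 0 {
			break
		}
	}
	// FIPS 140-2 continuous RNG test: never release a block equal to its predecessor.
	if g.haveLast && r == g.last {
		return r, errors.New("x931: continuous test failed")
	}
	g.last, g.haveLast = r, true
	return r, nil
}

// Constructed seed material for this example, not a standard test vector.
var seedKey, seedV, seedDT = []byte("example-key-0123"), []byte("example-V-vector"), make([]byte, 16)

// Stream returns n bytes from a generator freshly seeded with (key, V, DT).
func Stream(key, v, dt []byte, n int) ([]byte, error) {
	g := &X931{}
	if err := g.Reseed(key, v, dt); err != nil {
		return nil, err
	}
	out := make([]byte, 0, n+16)
	for len(out) < n {
		blk, err := g.Next()
		if err != nil {
			return nil, err
		}
		out = append(out, blk[:]...)
	}
	return out[:n], nil
}

// Repeatable: a fresh instance with the same seed, and the same instance after Reseed, replay the first block.
func Repeatable() bool {
	a, _ := Stream(seedKey, seedV, seedDT, 16)
	g := &X931{}
	g.Reseed(seedKey, seedV, seedDT)
	b1, _ := g.Next()
	g.Reseed(seedKey, seedV, seedDT)
	b2, _ := g.Next()
	return bytes.Equal(a, b1[:]) && b1 == b2
}

func main() {
	out, err := Stream(seedKey, seedV, seedDT, 32)
	fmt.Printf("first 32 bytes: %x (err=%v)\nrepeatable: %v\n", out, err, Repeatable())
}
```

Before relying on any implementation of this generator, run it against the known-answer vectors NIST publishes for the X9.31 RNG alongside the linked specification; determinism alone, which is all the example above checks, says nothing about whether the block-cipher wiring matches the standard.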