* Neil Horman | 2008-07-03 22:10:28 [-0400]:
>On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
>> Sebastian Siewior <linux-crypto@xxxxxxxxxxxxxxxx> writes:
>> >
>> > Anything wrong with get_random_bytes()?
>> > What's the advantage over get_random_bytes()?
>>
>> get_random_bytes() is not a _pseudo_ random number generator,
>> it doesn't have a seed and you cannot get repeatable sequences
>> out of it.
>>
>> random32.c is though, but currently it's not reseedable either.
>> I needed a true reseedable prng a few times too so this
>> would be useful, although I guess random32.c could have been
>> fixed. But perhaps there's a need for a more cryptographically
>> strong PRNG too.
>>
>> -Andi
>I've not looked at random32.c specifically, but I wrote this module specifically
>to be FIPS 140 compliant, which requires several things, including, but not
>limited to the use of the AES and DES3 ciphers. The details of the requirements
>that I wrote it to are found in ANSI X9.31, you can find it here:

Do you want a repeatable random number generator or just to be FIPS 140
compliant (for instance for a certificate thing)?

>http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf

I'll take a look at that.

>
>Best
>Neil

Sebastian
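The point under discussion above (a seeded, reseedable PRNG gives repeatable sequences, get_random_bytes() does not) and the ANSI X9.31 structure Neil refers to, as an added Python illustration that is not part of this thread and not the kernel module's code. It follows the X9.31 update equations (I = E_K(DT), R = E_K(I xor V), V' = E_K(R xor I)) but, to stay dependency-free, substitutes a hash-based keyed block function for the AES block cipher; that stand-in, the class name `X931Prng` and all sample key/seed/DT values are assumptions, so this is the generator's structure, not a FIPS-approved implementation. `os.urandom` stands in for the kernel's non-seedable source.

```python
import hashlib
import os

BLOCK = 16  # X9.31 with AES works on 128-bit blocks


def _block(key: bytes, data: bytes) -> bytes:
    """Keyed block function standing in for AES-128 encryption.

    Hypothetical stand-in so the example runs offline; a real X9.31 generator
    uses AES (or 3DES) here.
    """
    return hashlib.sha256(key + data).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X931Prng:
    """ANSI X9.31 generator structure: I = E_K(DT); R = E_K(I ^ V); V' = E_K(R ^ I)."""

    def __init__(self, key: bytes, seed: bytes, dt: bytes) -> None:
        self.reseed(key, seed, dt)

    def reseed(self, key: bytes, seed: bytes, dt: bytes) -> None:
        # Reseeding resets the whole state, which is what makes a sequence repeatable.
        if not (len(key) == BLOCK and len(seed) == BLOCK and len(dt) == BLOCK):
            raise ValueError("key, seed and DT must each be %d bytes" % BLOCK)
        self.key = key
        self.v = seed          # the secret seed vector V
        self.dt = dt           # the date/time vector DT, used as a counter here
        self.last = None       # previous output block, for the continuous test
        self.buf = b""

    def _next_block(self) -> bytes:
        i = _block(self.key, self.dt)
        r = _block(self.key, _xor(i, self.v))
        self.v = _block(self.key, _xor(r, i))
        # Advance DT as a 128-bit big-endian counter.
        self.dt = ((int.from_bytes(self.dt, "big") + 1) % (1 << 128)).to_bytes(BLOCK, "big")
        # Continuous RNG test as FIPS 140-2 requires: two consecutive equal blocks is a failure.
        if r == self.last:
            raise RuntimeError("continuous RNG test failed: repeated output block")
        self.last = r
        return r

    def get_bytes(self, n: int) -> bytes:
        while len(self.buf) < n:
            self.buf += self._next_block()
        out, self.buf = self.buf[:n], self.buf[n:]
        return out


# Constructed sample inputs (not real key material).
KEY = b"K" * BLOCK
SEED = b"S" * BLOCK
DT0 = bytes(BLOCK)


def seeded_output_is_repeatable(n: int = 48) -> bool:
    """Two generators started from the same (key, seed, DT) emit the same bytes."""
    return X931Prng(KEY, SEED, DT0).get_bytes(n) == X931Prng(KEY, SEED, DT0).get_bytes(n)


def reseed_restores_sequence(n: int = 32) -> bool:
    """Reseeding with the original parameters replays the sequence from the start."""
    g = X931Prng(KEY, SEED, DT0)
    first = g.get_bytes(n)
    g.reseed(KEY, SEED, DT0)
    return g.get_bytes(n) == first


def different_seed_differs(n: int = 48) -> bool:
    return X931Prng(KEY, SEED, DT0).get_bytes(n) != X931Prng(KEY, b"T" * BLOCK, DT0).get_bytes(n)


def unseeded_source_is_not_repeatable(n: int = 16) -> bool:
    """os.urandom has no caller-visible seed: you cannot ask it for the same bytes twice."""
    return os.urandom(n) != os.urandom(n)


if __name__ == "__main__":
    print("repeatable with same seed:", seeded_output_is_repeatable())
    print("reseed replays sequence:  ", reseed_restores_sequence())
    print("different seed differs:   ", different_seed_differs())
    print("os.urandom repeatable:    ", not unseeded_source_is_not_repeatable())
```

The continuous test is the part a reviewer would look for in a FIPS-oriented module: the generator must compare each output block with the previous one and refuse to hand out a repeated block, which is a cheap check that the state is actually advancing.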