On Fri, Jul 04, 2008 at 10:44:15AM +0200, Sebastian Siewior wrote:
> * Neil Horman | 2008-07-03 22:10:28 [-0400]:
>
> >On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> >> Sebastian Siewior <linux-crypto@xxxxxxxxxxxxxxxx> writes:
> >> >
> >> > Anything wrong with get_random_bytes()?
> >> > What's the advantage over get_random_bytes()?
> >>
> >> get_random_bytes() is not a _pseudo_ random number generator,
> >> it doesn't have a seed and you cannot get repeatable sequences
> >> out of it.
> >>
> >> random32.c is though, but currently it's not reseedable either.
> >> I needed a true reseedable prng a few times too, so this
> >> would be useful, although I guess random32.c could have been
> >> fixed. But perhaps there's a need for a more cryptographically
> >> strong PRNG too.
> >>
> >> -Andi
> >
> >I've not looked at random32.c specifically, but I wrote this module specifically
> >to be FIPS 140 compliant, which requires several things, including, but not
> >limited to, the use of the AES and DES3 ciphers. The details of the requirements
> >that I wrote it to are found in ANSI X9.31, you can find it here:
>
> Do you want a repeatable random number generator or just to be FIPS140
> compliant (for instance for a certificate thing)?
>
The former. This is intended to be a PRNG that can produce repeatable results for the same initial vector, key, secret vector V and input DT. This will also have the effect of being FIPS compliant.

Regards
Neil

--
/****************************************************
 * Neil Horman <nhorman@xxxxxxxxxxxxx>
 * Software Engineer, Red Hat
 ****************************************************/
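The generator Neil describes (repeatable output from the same key, V and DT, and reseedable as Andi asked for), written out as an added example; this is not the kernel's ansi_cprng code. Because Python's standard library has no AES, the block encryption E_K is stood in by HMAC-SHA256 truncated to one block, which is an assumption of this example; the standard calls for AES (or 3DES) there.

```python
import hashlib
import hmac
BLOCK = 16  # 128-bit blocks, as with AES-128

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _encrypt(key: bytes, data: bytes) -> bytes:
    # E_K(data). ASSUMPTION: HMAC-SHA256 truncated to one block stands in for
    # AES-128 ECB, which the standard library does not provide.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

class X931Prng:
    """X9.31 generator: I = E_K(DT), R = E_K(I ^ V), V' = E_K(R ^ I)."""
    def __init__(self, key: bytes, V: bytes, DT: bytes):
        self.reseed(key, V, DT)

    def reseed(self, key: bytes, V: bytes, DT: bytes) -> None:
        # Same key, V and DT give the same stream, unlike get_random_bytes().
        if len(V) != BLOCK or len(DT) != BLOCK:
            raise ValueError("V and DT must each be one cipher block")
        self.key, self.V, self.DT = key, V, DT
        self.last = None  # previous output block, for the continuous test

    def _next_block(self) -> bytes:
        I = _encrypt(self.key, self.DT)
        R = _encrypt(self.key, _xor(I, self.V))
        self.V = _encrypt(self.key, _xor(R, I))
        # FIPS 140-2 continuous test: a repeated block means a stuck generator
        if R == self.last:
            raise RuntimeError("continuous RNG test failed: repeated block")
        self.last = R
        n = (int.from_bytes(self.DT, "big") + 1) % (1 << (8 * BLOCK))
        self.DT = n.to_bytes(BLOCK, "big")  # DT advances as a counter
        return R

    def get_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += self._next_block()
        return out[:n]

def demo_repeatable() -> bool:
    # constructed seed material; a real seed comes from a TRNG or key store
    key, V, DT = b"k" * 16, b"v" * 16, bytes(16)
    a = X931Prng(key, V, DT).get_bytes(48)
    b = X931Prng(key, V, DT).get_bytes(48)
    c = X931Prng(key, V, bytes(15) + b"\x01").get_bytes(48)  # different DT
    return a == b and a != c
```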