Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote:
>
> As Jarod mentioned, currently only the NIST certification vectors and, as a
> result our testmgr vectors require disabling of the internal continuity test,
> but to generalize from that, I would imagine that any set of certification
> vectors that exist in the wild, may or may not assume the presence of the oth
> iteration consumption, and this patch gives us the flexability to make use of
> those.  I was thinking that this api extension could also be used for various
> debugging purposes (additional flags could be created to enable internal
> debugging, etc).

My gut feeling would be to just get rid of the test vectors.

But if you really want to keep them, please do it like CTR and
RFC3686.  That is, have the raw RNG tested with the current vectors,
and implement the FIPS version as a wrapper on top of it to remove
the required bits.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux