Stephan Mueller <smueller@xxxxxxxxxx> wrote:

> [quoting me]
>> ...your code is basically, with 64-bit x:
>>
>>     for( i=0, x = 0 ; i < 64; i++, x =rotl(x) )
>>         x |= bit()
>>
>> Why not declare some 64-bit constant C with a significant
>> number of bits set and do this:
>>
>>     for( i=0, x = 0 ; i < 64; i++, x =rotl(x) ) // same loop control
>>         if( bit() ) x ^= C ;
>>
>> This makes every output bit depend on many input bits
>> and costs almost nothing extra.
>
> Ok, let me play a bit with that. Maybe I can add another flag to the
> allocation function so that the caller can decide whether to use that.
> If the user is another RNG, you skip that mixing function, otherwise you
> should take it.

I'd say just do it. It is cheap enough and using it does no harm even
where it is not strictly needed. Adding a flag just gives the calling
code a chance to get it wrong. Better not to take that risk if you
don't have to.

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
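Added example (not code from the thread or from Stephan's RNG): a stand-alone C program implementing both folds quoted above and measuring the diffusion claim directly. For each fold it flips every input bit in turn and counts, per output bit, how many input bits can change it. The constant MIX_CONST, the rotl64/fold_or/fold_xor/deps_uniform names and the bit pattern in sample_bits are all assumptions made for the demonstration; the input bits are constructed, not entropy.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NBITS 64                                  /* input bits folded into one word */
#define MIX_CONST UINT64_C(0x9E3779B97F4A7C15)   /* assumed constant: 38 bits set */

static inline uint64_t rotl64(uint64_t x, unsigned r)
{
	r &= 63;
	return r ? (x << r) | (x >> (64 - r)) : x;
}

typedef uint64_t (*fold_fn)(const uint8_t bits[NBITS], uint64_t c);

/* Shift-and-OR fold as quoted in the thread; c is unused. */
static uint64_t fold_or(const uint8_t bits[NBITS], uint64_t c)
{
	uint64_t x = 0;
	(void)c;
	for (int i = 0; i < NBITS; i++, x = rotl64(x, 1))
		x |= bits[i] & 1;
	return x;
}

/* Rotate-and-XOR-C fold, same loop control: every 1 bit folds in all of C. */
static uint64_t fold_xor(const uint8_t bits[NBITS], uint64_t c)
{
	uint64_t x = 0;
	for (int i = 0; i < NBITS; i++, x = rotl64(x, 1))
		if (bits[i] & 1)
			x ^= c;
	return x;
}

static int popcount64(uint64_t v)
{
	int n = 0;
	for (; v; v &= v - 1)
		n++;
	return n;
}

/* 1 if all 64 rotations of c are distinct (no rotational period < 64), else 0.
 * A periodic C makes several output bits the same linear function of the input. */
static int rotations_distinct(uint64_t c)
{
	for (unsigned r = 1; r < 64; r++)
		if (rotl64(c, r) == c)
			return 0;
	return 1;
}

/* Constructed, deliberately non-random input pattern for the demonstration. */
static void sample_bits(uint8_t bits[NBITS])
{
	for (int i = 0; i < NBITS; i++)
		bits[i] = (i * 7 + 3) % 5 == 0;
}

/* Single-bit-flip dependency count: for every output bit k, how many input
 * bits can change it. Returns that count if it is the same for all 64 output
 * bits, -1 otherwise. */
static int deps_uniform(fold_fn fold, uint64_t c)
{
	uint8_t base[NBITS], in[NBITS];
	int deps[64] = {0};
	sample_bits(base);
	uint64_t ref = fold(base, c);
	for (int i = 0; i < NBITS; i++) {
		memcpy(in, base, NBITS);
		in[i] ^= 1;                            /* flip one input bit */
		uint64_t diff = fold(in, c) ^ ref;     /* output bits that moved */
		for (int k = 0; k < 64; k++)
			if ((diff >> k) & 1)
				deps[k]++;
	}
	for (int k = 1; k < 64; k++)
		if (deps[k] != deps[0])
			return -1;
	return deps[0];
}

int main(void)
{
	printf("shift/OR      : %d input bit(s) per output bit\n", deps_uniform(fold_or, 0));
	printf("rotl/XOR C    : %d input bits per output bit, popcount(C)=%d, rotations distinct=%d\n",
	       deps_uniform(fold_xor, MIX_CONST), popcount64(MIX_CONST), rotations_distinct(MIX_CONST));
	printf("rotl/XOR 1    : %d (sparse C degenerates to the OR case)\n", deps_uniform(fold_xor, 1));
	printf("rotl/XOR ~0   : %d per output bit, but rotations distinct=%d (all output bits identical)\n",
	       deps_uniform(fold_xor, ~UINT64_C(0)), rotations_distinct(~UINT64_C(0)));
	return 0;
}
```

Both folds are linear over GF(2) (rotation and XOR only), so the count is independent of the base input and equals exactly popcount(C) for the XOR variant and 1 for the OR variant. Two checks a practitioner would want when picking C: a sparse C (popcount 1) gives no more diffusion than the OR loop, and a rotationally periodic C such as all ones makes every output bit depend on all 64 inputs yet collapses the whole word to one parity bit repeated 64 times, which is why the program also reports whether the 64 rotations of C are distinct. None of this adds entropy; it only spreads whatever the bit source provides across the word.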