It's not based on the NIST-recommended algorithm, it *is* the NIST-recommended algorithm, and has even passed their validation tests. Also make clear that it's intended to be a determinsitic generator, despite the confusing name of the DT vector. Signed-off-by: George Spelvin <linux@xxxxxxxxxxx> --- crypto/ansi_cprng.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index f3e280c4..9c8475a2 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c @@ -1,7 +1,9 @@ /* - * PRNG: Pseudo Random Number Generator - * Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using - * AES 128 cipher + * PRNG: This is the "NIST-Recommended Random Number Generator Based + * on ANSI X9.31 Appendix A.2.4" using the AES 128 cipher. + * Many specific kernel snapshots have collected validations from + * the NIST RNG Validation System; results are available at + * http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html * * (C) Neil Horman <nhorman@xxxxxxxxxxxxx> * @@ -9,8 +11,6 @@ * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * any later version. - * - * */ #include <crypto/internal/rng.h> @@ -36,7 +36,12 @@ * Note: DT is our counter value * V is our seed vector * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf - * for implementation details + * for implementation details. + * + * Note that even though DT stands for "date/time", since this is a + * deterministic pseudo-random generator, it is a determinsitic counter, + * not a timestamp. Its function is not to inject seed entropy, but to + * ensure a long period in the output. */ struct prng_context { spinlock_t prng_lock; -- 2.1.3 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html