On Sunday, 14 December 2014, 15:37:38, George Spelvin wrote:

Hi George,

> In an earlier conversation with Neil, I had an idea that I'd like
> your opinion on.
>
> I still think whether true-random mode is wanted is up in the air,
> but if it is, a better way to provide it would be to create a separate
> crypto_alg for it, with a smaller seed size (no DT seed) and its own name.

In my personal view, there is no need for such rather non-deterministic behavior. The reasons are several-fold:

- One who wants non-deterministic operation goes straight to get_random_bytes or uses stdrng in a normal system. This RNG is built for that purpose. Though, get_random_bytes is logically /dev/urandom. If somebody wants to have an in-kernel /dev/random implementation, I have one available. When I come around, I want to make that in-kernel /dev/random a seed source for my DRBG. That in-kernel /dev/random would be a good seed source for the X9.31 too -- and that is where you should put your effort, IMHO.

- The non-determinism you get from get_random_int is very weak. If you start thinking about the information-theoretical entropy behind that function that is used once in a while, you may not get much entropy. Please, please, please, I do not want to start a discussion around entropy -- I will not participate in such a discussion :-)

- The deterministic RNGs are cryptographically strong. Thus, when you seed them with a good noise source like get_random_bytes, you will get good random numbers. Ensure proper reseeding and you will be on the safe side.

Thus, I am questioning whether such a slightly non-deterministic RNG would be used.

> But I have no idea what name to use. Any suggestions? And a FIPS
> version, too?

There is no FIPS version of a non-deterministic RNG. Either deterministic or die (the SP800-90B death).
--
Ciao
Stephan

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
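The deterministic-but-reseeded model argued for above (a cryptographically strong DRBG whose entropy comes entirely from the seed, topped up by periodic reseeding from a noise source) can be made concrete with a small HMAC_DRBG in the style of SP 800-90A. This is an added illustration, not code from the mail, from the kernel's drbg.c or from the X9.31 implementation under discussion; the class and function names (`HmacDrbg`, `deterministic_check`, `reseed_check`, `reseed_interval_enforced`) are the example's own, and `os.urandom` stands in for whatever noise source (get_random_bytes, an in-kernel /dev/random) a real deployment would use.

```python
import hashlib
import hmac
import os


class ReseedRequired(Exception):
    """Raised when the generate-request limit is hit and fresh entropy is needed."""


class HmacDrbg:
    """Minimal HMAC_DRBG over SHA-256, following the SP 800-90A structure.

    Illustration only (not the kernel's drbg.c). All entropy comes from the
    seed and later reseeds; the generator itself is fully deterministic.
    """

    OUTLEN = 32  # SHA-256 output length

    def __init__(self, entropy: bytes, nonce: bytes = b"",
                 personalization: bytes = b"", reseed_interval: int = 1 << 16):
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: mix provided_data into the (K, V) state.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional_input: bytes = b"") -> None:
        # Fresh noise is folded into the state; the request counter restarts.
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        # Refuse to run past the reseed interval: "ensure proper reseeding".
        if self.reseed_counter > self.reseed_interval:
            raise ReseedRequired("reseed_interval exceeded; reseed with fresh entropy")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:nbytes]


def deterministic_check(seed: bytes) -> bool:
    """Two instances with the same seed yield identical output: the DRBG adds
    no entropy of its own, so the seed source decides the quality."""
    return HmacDrbg(seed).generate(32) == HmacDrbg(seed).generate(32)


def reseed_check(seed: bytes, fresh_entropy: bytes) -> bool:
    """After one instance is reseeded with fresh noise, it diverges from an
    identically seeded twin that was not reseeded."""
    a, b = HmacDrbg(seed), HmacDrbg(seed)
    a.generate(32)
    b.generate(32)
    a.reseed(fresh_entropy)
    return a.generate(32) != b.generate(32)


def reseed_interval_enforced(seed: bytes, interval: int = 3) -> bool:
    """Exceeding the request limit is refused until the caller reseeds."""
    drbg = HmacDrbg(seed, reseed_interval=interval)
    for _ in range(interval):
        drbg.generate(16)
    try:
        drbg.generate(16)
    except ReseedRequired:
        drbg.reseed(os.urandom(32))  # stand-in for the system noise source
        return len(drbg.generate(16)) == 16
    return False


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed seed for the demo
    print("deterministic:", deterministic_check(seed))
    print("reseed diverges:", reseed_check(seed, os.urandom(32)))
    print("interval enforced:", reseed_interval_enforced(seed))
```

The three checks map onto the mail's argument: `deterministic_check` shows why a FIPS-style DRBG has no "true-random" mode (equal seed, equal output), `reseed_check` shows that the only way new entropy enters is through the seed path, and `reseed_interval_enforced` shows the reseeding discipline that keeps a deterministic generator on the safe side.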