Hi Stephan:

Currently you can have two users of DRBG issuing requests in parallel and end up using the same internal state. The only difference between them is the cycle counter that you inject into the DRBG.

I can't see how this is safe as the cycle counter contains minimal entropy. The whole DRBG scheme depends on the fact that states are not reused, so surely this is a very bad thing?

I think we should just stick with locking the entire generation function. The only users of RNG in the crypto API do so in process context, so we can make it a rule that all users of RNG must be in process context.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
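As an added illustration of the race described in the message above (a toy model written for this page, not the kernel's drbg.c; the hash construction, seed and counter values are constructed stand-ins), the unlocked interleaving lets two requests consume one state snapshot and drops one state update, while serialising the whole generate step advances V between them:

```python
import hashlib


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class ToyDRBG:
    """Simplified Hash_DRBG-style generator (constructed model, not the kernel's drbg.c)."""

    def __init__(self, seed: bytes) -> None:
        self.v = _h(b"\x00", seed)  # internal state V

    @staticmethod
    def generate_from(v: bytes, extra: bytes):
        """Generate from an explicit state V: returns (output, updated V)."""
        out = _h(b"\x01", v, extra)  # extra = caller-supplied additional input (the cycle counter)
        new_v = _h(b"\x02", v, out)  # the state update that must never be skipped
        return out, new_v

    def generate(self, extra: bytes) -> bytes:
        """Serialised path: read V, generate, write V back before anyone else can read it."""
        out, self.v = self.generate_from(self.v, extra)
        return out


def racy_requests(drbg: ToyDRBG, counter_a: int, counter_b: int):
    """Interleaving in which both callers read V before either writes it back."""
    snapshot = drbg.v  # both requests start from the same V
    out_a, _v_a = ToyDRBG.generate_from(snapshot, counter_a.to_bytes(8, "little"))
    out_b, v_b = ToyDRBG.generate_from(snapshot, counter_b.to_bytes(8, "little"))
    drbg.v = v_b  # last writer wins: the update belonging to request A is lost
    return out_a, out_b


def locked_requests(drbg: ToyDRBG, counter_a: int, counter_b: int):
    """Whole generate() under a lock: the second request sees the state the first left behind."""
    out_a = drbg.generate(counter_a.to_bytes(8, "little"))
    out_b = drbg.generate(counter_b.to_bytes(8, "little"))
    return out_a, out_b


def demo():
    seed = b"constructed seed, not a real entropy source"
    racy, locked = ToyDRBG(seed), ToyDRBG(seed)
    a, b = racy_requests(racy, 1000, 1000)      # two callers read an equal cycle counter
    c, d = locked_requests(locked, 1000, 1000)
    return a == b, c == d  # (True, False): the race hands both users the same bytes
```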