Hi Stephan,

in my opinion you definitively have to seed the DRBG with true entropy from /dev/random. This is what we are currently doing in userland with the strongSwan DRBG needed for the post-quantum NTRU-based key exchange algorithm. The NIST SP800-90A spec defines a parameter which estimates the entropy contained in the seed, but I think it is extremely difficult to derive an estimate if /dev/urandom is used. Our plan within the strongSwan project is to make the Linux kernel DRBG available via the af-alg interface.

Best regards

Andreas

On 16.04.2015 17:32, Stephan Mueller wrote:
> On Thursday, 16 April 2015, 23:26:18 Herbert Xu wrote:
>
> Hi Herbert,
>
>> On Thu, Apr 16, 2015 at 05:07:20PM +0200, Stephan Mueller wrote:
>>
>>> I do not see a specific requirement in SP800-90A about the quality of the noise source.
>>
>> Well it explicitly says that you cannot use a DRBG. In the worst case get_random_bytes is completely deterministic.
>>
>>> That said, I already developed an in-kernel version of /dev/random. I sent the patch to LKML some half year ago. If I understood Ted Tso right, there is no general objection against adding that in-kernel interface. See [1] for the thread. Furthermore, I already started working on updating the DRBG to use that in-kernel /dev/random interface. Shall I pursue that work in earnest now?
>>>
>>> [1] https://lkml.org/lkml/2014/5/11/276
>>
>> Yes I think we should do this.
>
> Ok, I will work on that after I added the global lock to the DRBG.
>
>> Thanks,
>
> Ciao
> Stephan
--
======================================================================
Andreas Steffen                         andreas.steffen@xxxxxxxxxxxxxx
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
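Added example, not code from this thread, from strongSwan or from the kernel: gathering SP 800-90A seed material (entropy_input || nonce || personalization string) in userland from the blocking /dev/random as Andreas describes, handling the short reads and EINTR that a blocking pool produces. The function names, the security_strength-based sizing and the device path argument are this example's own assumptions.

```c
/* Added example (hypothetical helper, not strongSwan code): build DRBG seed
 * material from /dev/random following the SP 800-90A length rules. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Read exactly n bytes. /dev/random blocks and may return short reads,
 * so a single read() is not enough for seeding. Returns 0 or -1. */
int read_exact(int fd, uint8_t *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;           /* interrupted while blocking: retry */
            return -1;
        }
        if (r == 0)
            return -1;              /* EOF: no entropy source behind fd */
        got += (size_t)r;
    }
    return 0;
}

/* SP 800-90A sizing: entropy_input carries at least security_strength bits,
 * the nonce at least security_strength/2 bits; both are taken from the
 * blocking pool here. Writes entropy_input || nonce || pers into out and
 * returns the seed_material length, or -1 on bad parameters or read error. */
int gather_seed_material(const char *dev_path, unsigned security_strength_bits,
                         const uint8_t *pers, size_t pers_len,
                         uint8_t *out, size_t out_cap)
{
    size_t ent_len = security_strength_bits / 8;
    size_t nonce_len = ent_len / 2;
    if (security_strength_bits % 8 != 0 || ent_len == 0)
        return -1;
    if (out_cap < ent_len + nonce_len + pers_len)
        return -1;
    int fd = open(dev_path, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = read_exact(fd, out, ent_len + nonce_len);
    close(fd);
    if (rc < 0)
        return -1;
    if (pers_len > 0)
        memcpy(out + ent_len + nonce_len, pers, pers_len);
    return (int)(ent_len + nonce_len + pers_len);
}
```

In production the path would be /dev/random (or the kernel DRBG over af_alg once available); the test below only reads /dev/urandom so it never blocks.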