On Tue, Aug 16, 2016 at 11:11:47AM +0200, Stephan Mueller wrote: > > Conceptually, a KDF is a random number generator by generating arbitrarily > sized strings from a fixed "seed". This lead me to add the RNG template > handling. Even the existing DRBG is more or less a "block chaining mode" that > is very similar to a KDF. Hence, the current plethora of 22 registered DRBGs > could be elegantly eliminated if the DRBG is turned into template using the > proposed RNG framework. The point is that there is no alternative implementation for kdf, nor is there likely to be one. > If you think that a KDF should not be a generic mechanism, then the KDF logic > would need to move directly into the keys subsystem. But since TLS is > something folks speak about, a TLS KDF would need to be considered eventually > too which is yet again some form of RNG. If a TLS KDF comes with a hardware implementation then we could include it. Otherwise the answer would be the same. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html