Re: [PATCH v5 3/4] crypto: kdf - SP800-108 Key Derivation Function

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 16, 2016 at 11:11:47AM +0200, Stephan Mueller wrote:
>
> Conceptually, a KDF is a random number generator by generating arbitrarily 
> sized strings from a fixed "seed". This lead me to add the RNG template 
> handling. Even the existing DRBG is more or less a "block chaining mode" that 
> is very similar to a KDF. Hence, the current plethora of 22 registered DRBGs 
> could be elegantly eliminated if the DRBG is turned into template using the 
> proposed RNG framework.

The point is that there is no alternative implementation for kdf,
nor is there likely to be one.

> If you think that a KDF should not be a generic mechanism, then the KDF logic 
> would need to move directly into the keys subsystem. But since TLS is 
> something folks speak about, a TLS KDF would need to be considered eventually 
> too which is yet again some form of RNG.

If a TLS KDF comes with a hardware implementation then we could
include it.  Otherwise the answer would be the same.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux