Hi Ted, On Thu, Dec 22, 2016 at 12:02 AM, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > This duplicates the current algorithm for get_random_int/long I should have mentioned this directly in the commit message, which I forgot to update: this v7 adds the time-based key rotation, which, while not strictly necessary for ensuring the security of the RNG, might help alleviate some concerns, as we talked about. Performance is quite good on both 32-bit and 64-bit -- better than MD5 in both cases. If you like this, terrific. If not, I'm happy to take this in whatever direction you prefer, and implement whatever construction you think best. There's been a lot of noise on this list about it; we can continue to discuss more, or you can just tell me whatever you want to do, and I'll implement it and that'll be the end of it. As you said, we can always get something decent now and improve it later. Alternatively, if you've decided in the end you prefer your batched entropy approach using chacha, I'm happy to implement a polished version of that here in this patch series (so that we can keep the `rm lib/md5.c` commit.) Just let me know how you'd like to proceed. Thanks, Jason -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html