On Mon, Mar 27, 2017 at 03:53:03PM +0200, Stephan Müller wrote:
> On Monday, 27 March 2017, 06:23:11 CEST, PrasannaKumar Muralidharan wrote:
>
> Hi PrasannaKumar,
>
> > > Oh my, if you are right with your first guess, this is a bad DRNG design.
> > >
> > > Just out of curiosity: what happens if a caller invokes the seed function
> > > twice or more times (each time with the sufficient amount of bits)? What
> > > is your guess here?
> >
> > Should the second seed use the random data generated by the device?
>
> A DRNG should be capable of processing an arbitrary amount of seed data. It
> may be the case that the seed data must be processed in chunks though.
>

As I said, I do not know the implementation details about hardware.
They are just not disclosed.

> That said, it may be the case that after injecting one chunk of seed the
> currently discussed RNG simply needs to generate a random number to process
> the input data before another seed can be added. But that is pure speculation.
>
> But I guess that can be easily tested: inject a known seed into the DRNG,
> generate a random number, inject the same seed again and again generate a
> random number. If both are identical (which I do not hope), then the internal
> state is simply overwritten (strange DRNG design).
>
> A similar test can be made to see whether a larger set of seed simply
> overwrites the state or is really processed.
>
> 1. seed
> 2. generate random data
> 3. reset
> 4. seed with another seed
> 5. generate random data
> 6. reset
> 7. seed with same data from 1
> 8. seed with same data from 2
> 9. generate random data
>
> If data from 9 is identical to 2, then additional seed data is discarded ->
> bad design. If data from 9 is identical to 5, then the additional data
> overwrites the initial data -> bad DRNG design. If data from 9 neither matches
> 2 or 5, then all seed is taken -> good design.

I tested a little bit and:
1. Seeding with some value
2. generating random,
3. kcapi_rng_destroy+kcrng_init, (I cannot do a hardware reset except
   reboot of entire system)
4. seeding with the same value as in (1) - different random numbers.

Doing a system reboot and repeating above - different random numbers
(all are different: step (2) and in (4)).

Your test case also produces different random values every time.

Best regards,
Krzysztof
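
Added example, not part of the original thread and not code from any of its participants: the nine-step seed test quoted above, run against constructed toy DRNG models instead of real hardware, with a control run that shows when the comparison cannot separate the three cases. It assumes step 8 re-injects the seed from step 4 and that `reset()` stands in for whatever reset the device offers; `ModelDRNG`, `classify` and the policy names are hypothetical.

```python
import hashlib
import os

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

class ModelDRNG:
    """Constructed toy DRNG (not a real device); policy = how extra seed is handled."""
    def __init__(self, policy: str):
        self.policy = policy
        self.reset()

    def reset(self) -> None:
        self.state, self.seeded = b"", False

    def seed(self, data: bytes) -> None:
        if self.policy == "noisy":            # device adds its own fresh entropy
            self.state = h(self.state, data, os.urandom(16))
        elif self.policy == "mix":            # every seed is folded into the state
            self.state = h(self.state, data)
        elif self.policy == "overwrite" or not self.seeded:
            self.state = h(data)              # state replaced by the newest seed
        # policy "discard": seeds after the first one are silently ignored
        self.seeded = True

    def generate(self) -> bytes:
        out = h(b"out", self.state)
        self.state = h(b"next", self.state)
        return out

def classify(rng, seed_a: bytes = b"A" * 32, seed_b: bytes = b"B" * 32) -> str:
    """Run steps 1-9 and map the comparison onto the three outcomes."""
    rng.reset(); rng.seed(seed_a); r2 = rng.generate()      # steps 1-2
    rng.reset(); rng.seed(seed_b); r5 = rng.generate()      # steps 3-5
    rng.reset(); rng.seed(seed_a); rng.seed(seed_b)         # steps 6-8
    r9 = rng.generate()                                     # step 9
    # Control: the same single seed after a reset must reproduce r2; if it
    # does not, r9 matches neither r2 nor r5 whatever the seeding logic does.
    rng.reset(); rng.seed(seed_a)
    if rng.generate() != r2:
        return "inconclusive: output not reproducible from seed"
    if r9 == r2:
        return "additional seed discarded"
    if r9 == r5:
        return "additional seed overwrites state"
    return "all seed data processed"

if __name__ == "__main__":
    for policy in ("discard", "overwrite", "mix", "noisy"):
        print(f"{policy:9s} -> {classify(ModelDRNG(policy))}")
```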