Almost two weeks passed and these are the "relevant" replies: Jason personally does not like FIPS, and is afraid of "subpar crypto". Albeit this patch set strictly isn't about crypto at all; the crypto subsystem is in the unlucky position to just depend on a good entropy source. Greg claims that Linux (kernel) isn't about choice, which is clearly wrong. And this is all ??? There are options for stack protection. I can see bounds checking and other sanity checks all over the place. And doing a similar thing on entropy sources is a problem? Admittedly, if entropy sources fail, the kernel will happily remain running. No bad immediate effects in userland will arise. Only some cryptographic algorithms, otherwise very decent, will run on unneccessarily weak keys, probably causing some real-world problems. Does anybody care? The NIST and the BSI do, but that does not mean their solutions are automatically wrong or backdoored. There is now a well layed-out scheme to ensure quality randomness, and a lot of work here has been put into its implementation. Would some maintainer please comment on potential problems or shortcomings? Otherwise a "Thanks, applied" would be appropriate, IMO. Torsten
