Am Mittwoch, dem 23.12.2020 um 15:32 +0100 schrieb Jason A. Donenfeld: > > I would, however, be interested in a keccak-based construction. But > just using the keccak permutation does not automatically make it > "SHA-3", so we're back at the same issue again. FIPS is simply not > interesting for our requirements. Your requirements? Interesting approach. Using non-assessed cryptography? Sounds dangerous to me even though it may be based on some well-known construction. I thought Linux in general and crypto in particular is about allowing user (or the vendor) to decide about the used algorithm. So, let us have a mechanism that gives them this freedom. Thus the proposed idea sounds to me like a dangerous proposition upon which almost all cryptography shall rest. This will surely invite even more fragmentation. Ciao Stephan PS: This entire discussion is NOT about the crypto side of the random numbers, but about how get the entropy for the random numbers.