On Wed, Dec 1, 2021 at 12:19 PM Simo Sorce <simo@xxxxxxxxxx> wrote: > that much it is, and it is a required one. However having worked a lot > on this I can tell you there is actually real cryptographic value in > the requirements FIPS introduced over the years > Well I think most of the requirements are sane practices, hopefully > controversial stuff will be minimal. > I happen to think quite a few of the requirements are actually good > ideas to implement to improve the guarantees of randomness If you think there are good ways to improve the RNG, of course send patches for this, justifying why, taking into account recent research into the topic you wish to patch, etc. Don't write, "because FIPS"; instead argue rationale for each patch. And if you _do_ feel the need to appeal to authority, perhaps links to the various eprint papers you consulted would be worthwhile. Preferably you're able to do this in a small, incremental way, with small standalone patchsets, instead of gigantic series.
