From: Herbert Xu Subject: Re: DRBG seeding Date: Fri, 17 Apr 2015 10:14:30 +0800 Message-ID: <20150417021430.GA22835@gondor.apana.org.au> References: <20150416143617.GA17178@gondor.apana.org.au> <2037814.HNld8WWmfI@tauon> <552FED36.6080904@strongswan.org> <3303782.1Fl4anZ2PL@myon.chronox.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Andreas Steffen , Linux Crypto Mailing List To: Stephan Mueller Return-path: Received: from helcar.hengli.com.au ([209.40.204.226]:50992 "EHLO helcar.hengli.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751160AbbDQCOj (ORCPT ); Thu, 16 Apr 2015 22:14:39 -0400 Content-Disposition: inline In-Reply-To: <3303782.1Fl4anZ2PL@myon.chronox.de> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Fri, Apr 17, 2015 at 03:19:17AM +0200, Stephan Mueller wrote: > > 1. during initialization of a DRBG instance, seed from get_random_bytes to > have a DRBG state that is seeded and usable. I think we either need to use real entropy and block, or mark the DRBG unusable until such a time that it has been seeded with real entropy. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt