From: Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: DRBG seeding
Date: Fri, 17 Apr 2015 10:14:30 +0800
Message-ID: <20150417021430.GA22835@gondor.apana.org.au>
References: <20150416143617.GA17178@gondor.apana.org.au>
 <2037814.HNld8WWmfI@tauon>
 <552FED36.6080904@strongswan.org>
 <3303782.1Fl4anZ2PL@myon.chronox.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Andreas Steffen <andreas.steffen@strongswan.org>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
To: Stephan Mueller <smueller@chronox.de>
Return-path: <linux-crypto-owner@vger.kernel.org>
Received: from helcar.hengli.com.au ([209.40.204.226]:50992 "EHLO
	helcar.hengli.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751160AbbDQCOj (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Thu, 16 Apr 2015 22:14:39 -0400
Content-Disposition: inline
In-Reply-To: <3303782.1Fl4anZ2PL@myon.chronox.de>
Sender: linux-crypto-owner@vger.kernel.org
List-ID: <linux-crypto.vger.kernel.org>

On Fri, Apr 17, 2015 at 03:19:17AM +0200, Stephan Mueller wrote:
>
> 1. during initialization of a DRBG instance, seed from get_random_bytes to 
> have a DRBG state that is seeded and usable.

I think we either need to use real entropy and block, or mark
the DRBG unusable until such a time that it has been seeded
with real entropy.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt