From: Herbert Xu Subject: Re: DRBG seeding Date: Fri, 17 Apr 2015 21:11:37 +0800 Message-ID: <20150417131137.GA27060@gondor.apana.org.au> References: <20150416143617.GA17178@gondor.apana.org.au> <3303782.1Fl4anZ2PL@myon.chronox.de> <20150417021430.GA22835@gondor.apana.org.au> <2956307.5uMbChcz7z@myon.chronox.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Andreas Steffen , Linux Crypto Mailing List To: Stephan Mueller Return-path: Received: from helcar.hengli.com.au ([209.40.204.226]:59672 "EHLO helcar.hengli.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753262AbbDQNLo (ORCPT ); Fri, 17 Apr 2015 09:11:44 -0400 Content-Disposition: inline In-Reply-To: <2956307.5uMbChcz7z@myon.chronox.de> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Fri, Apr 17, 2015 at 02:48:51PM +0200, Stephan Mueller wrote: > > Do you really think that this is possible? If the DRBG becomes the stdrng, you > would imply that those callers (e.g. IPSEC) may suffer from a long block (and > with long I mean not just seconds, but minutes). It's only 49 bytes for every 64K so I think it's reasonable. The only reason someone would use this is to comply with the standard and this is what the standard requires so I don't see how we can do anything else. > Furthermore, I fail to see the difference between the current default stdrng > (krng -- which is just get_random_bytes in disguise). Thus, the current > situation with the DRBG seeding is not different from the non-DRBG use case. The difference is that krng doesn't have to satisfy any standard. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt