From: Stephan Mueller
Subject: Re: DRBG seeding
Date: Sat, 18 Apr 2015 03:32:03 +0200
Message-ID: <3151046.CNv2ChE2Gl@myon.chronox.de>
References: <20150416143617.GA17178@gondor.apana.org.au> <2278042.JS7c5BLrbA@myon.chronox.de> <20150418012744.GA1329@gondor.apana.org.au>
In-Reply-To: <20150418012744.GA1329@gondor.apana.org.au>
To: Herbert Xu
Cc: Andreas Steffen, Linux Crypto Mailing List

On Saturday, 18 April 2015, 09:27:44, Herbert Xu wrote:

Hi Herbert,

> On Fri, Apr 17, 2015 at 03:22:56PM +0200, Stephan Mueller wrote:
> > > The only reason someone would use this is to comply with the
> > > standard and this is what the standard requires so I don't see
> > > how we can do anything else.
> >
> > I do not see a definite quality requirement of the seed source in
> > SP800-90A.
>
> Section 8.6.5 "Source of Entropy Input" explicitly requires this.
>
> TBH whether /dev/random even satisfies 8.6.5 is also debatable.
> But it agrees with the specification at least in spirit.

Ok, if I re-read that one and consider our discussion, I would agree. But it
was handled differently up to now.

In any case, I am almost ready with the patch for an async seeding. Though, I
want to give it a thorough testing.

--
Ciao
Stephan