Re: DRBG seeding

2015-04-17 Thread Herbert Xu
get_random_bytes in disguise). Thus, the current situation with the DRBG seeding is not different from the non-DRBG use case. The difference is that krng doesn't have to satisfy any standard. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au

Re: DRBG seeding

2015-04-17 Thread Stephan Mueller
seconds, but minutes). Furthermore, I fail to see the difference between the current default stdrng (krng -- which is just get_random_bytes in disguise). Thus, the current situation with the DRBG seeding is not different from the non-DRBG use case. Therefore, I still think we: - need to satisfy

Re: DRBG seeding

2015-04-17 Thread Stephan Mueller
is just get_random_bytes in disguise). Thus, the current situation with the DRBG seeding is not different from the non-DRBG use case. The difference is that krng doesn't have to satisfy any standard. Cheers, -- Ciao Stephan

Re: DRBG seeding

2015-04-17 Thread Stephan Mueller
On Saturday, 18 April 2015, 09:36:18, Herbert Xu wrote: Hi Herbert, On Sat, Apr 18, 2015 at 03:32:03AM +0200, Stephan Mueller wrote: In any case, I am almost ready with the patch for an async seeding. Though, I want to give it a thorough testing. I don't see the point of async seeding,

Re: DRBG seeding

2015-04-17 Thread Herbert Xu
On Sat, Apr 18, 2015 at 04:04:14AM +0200, Stephan Mueller wrote: However, the only serious solution I can offer to not block is to use my Jitter RNG which delivers entropy in (almost all) use cases. See [1]. The code is relatively small and does not have any dependencies. In this case, we

Re: DRBG seeding

2015-04-17 Thread Stephan Mueller
On Saturday, 18 April 2015, 09:27:44, Herbert Xu wrote: Hi Herbert, On Fri, Apr 17, 2015 at 03:22:56PM +0200, Stephan Mueller wrote: The only reason someone would use this is to comply with the standard and this is what the standard requires so I don't see how we can do anything else.

Re: DRBG seeding

2015-04-17 Thread Herbert Xu
On Sat, Apr 18, 2015 at 03:32:03AM +0200, Stephan Mueller wrote: In any case, I am almost ready with the patch for an async seeding. Though, I want to give it a thorough testing. I don't see the point of async seeding, unless you're also making all generate calls block until the seeding is

Re: DRBG seeding

2015-04-17 Thread Herbert Xu
On Fri, Apr 17, 2015 at 03:22:56PM +0200, Stephan Mueller wrote: The only reason someone would use this is to comply with the standard and this is what the standard requires so I don't see how we can do anything else. I do not see a definite quality requirement of the seed source in

DRBG seeding

2015-04-16 Thread Herbert Xu
Hi Stephan: Currently DRBG is seeded with entropy from get_random_bytes. However, get_random_bytes is basically the kernel version of /dev/urandom. So there is no guarantee that you're actually getting the amount of entropy required. Are you sure this is compliant with the DRBG specification?

Re: DRBG seeding

2015-04-16 Thread Stephan Mueller
On Thursday, 16 April 2015, 22:36:17, Herbert Xu wrote: Hi Herbert, Hi Stephan: Currently DRBG is seeded with entropy from get_random_bytes. However, get_random_bytes is basically the kernel version of /dev/urandom. So there is no guarantee that you're actually getting the amount of

Re: DRBG seeding

2015-04-16 Thread Stephan Mueller
On Thursday, 16 April 2015, 23:26:18, Herbert Xu wrote: Hi Herbert, On Thu, Apr 16, 2015 at 05:07:20PM +0200, Stephan Mueller wrote: I do not see a specific requirement in SP800-90A about the quality of the noise source. Well it explicitly says that you cannot use a DRBG. In the worst

Re: DRBG seeding

2015-04-16 Thread Herbert Xu
On Thu, Apr 16, 2015 at 05:07:20PM +0200, Stephan Mueller wrote: I do not see a specific requirement in SP800-90A about the quality of the noise source. Well it explicitly says that you cannot use a DRBG. In the worst case get_random_bytes is completely deterministic. That said, I already

Re: DRBG seeding

2015-04-16 Thread Andreas Steffen
Hi Stephan, in my opinion you definitively have to seed the DRBG with true entropy from /dev/random. This is what we are currently doing in userland with the strongSwan DRBG needed for the post-quantum NTRU-based key exchange algorithm. The NIST SP800-90A spec defines a parameter which estimates

Re: DRBG seeding

2015-04-16 Thread Herbert Xu
On Fri, Apr 17, 2015 at 03:19:17AM +0200, Stephan Mueller wrote: 1. during initialization of a DRBG instance, seed from get_random_bytes to have a DRBG state that is seeded and usable. I think we either need to use real entropy and block, or mark the DRBG unusable until such a time that it

Re: DRBG seeding

2015-04-16 Thread Stephan Mueller
On Thursday, 16 April 2015, 19:11:18, Andreas Steffen wrote: Hi Andreas, Hi Stephan, in my opinion you definitively have to seed the DRBG with true entropy from /dev/random. This is what we are currently doing in userland with the strongSwan DRBG needed for the post-quantum NTRU-based