Hi Stephan, That is set as "optional but highly recommended" in the FIPS doc, plus the fact that we do not have a requirement to have a FIP-approved RNG in our case. Although FIPS might impose higher and stronger requirements on the source of entropy, but not passing those tests does not mean the source of entropy is of bad quality. As I mentioned earlier, we just need to evaluate the amount of entropy it provides correctly and use it accordingly. If we are dealing with a chip which has a HW RNG, we expect extremely high entropy close to full from our source, but this patch is for chips which do not have a dedicated HW RNG in place to improve the quality of random number generation on the platform.
Thanks, Miaoqing -----Original Message----- From: Stephan Mueller [mailto:smuel...@chronox.de] Sent: Wednesday, August 10, 2016 3:27 PM To: Pan, Miaoqing <miaoq...@qti.qualcomm.com> Cc: Herbert Xu <herb...@gondor.apana.org.au>; Matt Mackall <m...@selenic.com>; miaoq...@codeaurora.org; Valo, Kalle <kv...@qca.qualcomm.com>; linux-wireless@vger.kernel.org; ath9k-devel <ath9k-de...@qca.qualcomm.com>; linux-cry...@vger.kernel.org; ja...@lakedaemon.net; Sepehrdad, Pouyan <pouy...@qti.qualcomm.com> Subject: Re: [PATCH 2/2] ath9k: disable RNG by default Am Mittwoch, 10. August 2016, 07:15:49 CEST schrieb Pan, Miaoqing: Hi Miaoqing, > Hi Stephan, > > NIST SP 800-22-rev1a and NIST SP 800-90B are used together to evaluate > the amount of min entropy the source provides, and not to decide if > the source has passed the tests or failed. See > > https://github.com/usnistgov/SP800-90B_EntropyAssessment > > The goal is often to make sure the input entropy is more than the > entropy we expect from the output. You are correct on the SP800-90B tests (hence I did not refer to them for the binary decision). Yet, SP800-22 with the associated tool delivers a binary decision. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
