Hello, well /dev/random and /dev/urandom *are* the APIs for the Linux Random Number Generator! This means that the default libstrongswan random plugin uses the LRNG. We define three strengths of random material:
type use random plugin RNG_WEAK: nonces, IVs /dev/urandom RNG_STRONG: DH session keys, cookies /dev/urandom RNG_TRUE: RSA/ECDSA keys /dev/random In place of the default random plugin you could use a plugin of your own directly interfacing to a HW true random generator. Best regards Andreas Nguyễn Hoàng Anh wrote: > Hello Andreas and all members! > > I have a question about LRNG (Linux Random Number Generator) in Strongswan. > I wonder how Strongswan use it ? > I looked into Strongswan ' source code and see that Strongswan use > /dev/random and /dev/urandom for generate ramdom numbers. > I think that Strongswan use LRNG to generate key encryption, cookies,... Is > it true? > Can you give me more details about it? > > Many thanks! > ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users