On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> Sebastian Siewior <[EMAIL PROTECTED]> writes:
> >
> > Anything wrong with get_random_bytes()?
> > What's the advantage over get_random_bytes()?
>
> get_random_bytes() is not a _pseudo_ random number generator,
> it doesn't have a seed and you cannot get repeatable sequences
> out of it.
>
> random32.c is though, but currently it's not reseedable either.
> I needed a true reseedable prng a few times too so this
> would be useful, although I guess random32.c could have been
> fixed. But perhaps there's a need for a more cryptographically
> strong PRNG too.
>
> -Andi

I've not looked at random32.c specifically, but I wrote this module specifically to be FIPS 140 compliant, which requires several things, including, but not limited to, the use of the AES and DES3 ciphers. The details of the requirements that I wrote it to are found in ANSI X9.31; you can find it here:
http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
Best
Neil
-- 
/****************************************************
 * Neil Horman <[EMAIL PROTECTED]>
 * Software Engineer, Red Hat
 ****************************************************/
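The X9.31 construction Neil points to, as an added example written for this thread and not code from his patch or the kernel: an AES-based generator with the seed/reseed repeatability Andi asks about, plus the FIPS 140 continuous RNG test (consecutive equal output blocks are an error). It is in Go because crypto/aes is in the standard library; the type and function names, and the key, V and DT values, are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// X931 is a constructed ANSI X9.31 (A.2.4) generator over AES; not the kernel module.
type X931 struct {
	blk   cipher.Block
	v, dt []byte // seed V and date/time vector DT, one AES block each
	last  []byte // previous output, kept for the FIPS 140 continuous RNG test
}

// NewX931 takes an AES key (16, 24 or 32 bytes) plus initial V and DT.
func NewX931(key, v, dt []byte) (*X931, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(v) != aes.BlockSize || len(dt) != aes.BlockSize {
		return nil, errors.New("x931: bad key, V or DT length")
	}
	p := &X931{blk: blk}
	p.Reseed(v, dt)
	return p, nil
}

// Reseed installs V and DT; the same key, V and DT replay the same sequence.
func (p *X931) Reseed(v, dt []byte) {
	p.v, p.dt, p.last = append([]byte(nil), v...), append([]byte(nil), dt...), nil
}

// Block: I = E_K(DT); R = E_K(I xor V); V = E_K(R xor I); then DT is stepped.
func (p *X931) Block() ([]byte, error) {
	i, r := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	p.blk.Encrypt(i, p.dt)
	subtle.XORBytes(r, i, p.v)
	p.blk.Encrypt(r, r) // dst and src overlap entirely, which cipher.Block allows
	subtle.XORBytes(p.v, r, i)
	p.blk.Encrypt(p.v, p.v)
	binary.BigEndian.PutUint64(p.dt[8:], binary.BigEndian.Uint64(p.dt[8:])+1)
	if p.last != nil && bytes.Equal(p.last, r) { // FIPS 140 continuous test
		return nil, errors.New("x931: continuous RNG test failed")
	}
	p.last = append([]byte(nil), r...)
	return r, nil
}
```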