On Fri, Jan 23, 2009 at 11:50:27AM -0500, Neil Horman wrote:
> pseudo RNGs provide predictable outputs based on input parameters {key, V, DT},
> the idea behind them is that only the user should know what the inputs are.
> While it's nice to have default known values for testing purposes, it seems
> dangerous to allow the use of those default values without some sort of safety
> measure in place, lest an attacker easily guess the output of the cprng. This
> patch forces the NEED_RESET flag on when allocating a cprng context, so that any
> user is forced to reseed it before use. The defaults can still be used for
> testing, but this will prevent their inadvertent use, and be more secure.
>
> Signed-off-by: Neil Horman <nhor...@redhat.com>
Applied to cryptodev. Thanks Neil!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
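To make the hazard in Neil's description concrete, here is an added example (not the kernel's ansi_cprng code, and not part of this thread) of an ANSI X9.31-style generator over AES-128 in Go. It follows the standard's three-encryption step (I = E_K(DT), R = E_K(I xor V), V' = E_K(R xor I)) and steps DT as a counter after each block; the default key/V/DT values are constructed for the example and are not the kernel's test vectors. `NewCPRNG` mirrors the patched behaviour: a freshly allocated context carries the known defaults but starts with `needReset` set, so `GetBytes` fails until the caller reseeds. `outputWithDefaults` shows what an unpatched context effectively did: two independent users (or a user and an attacker) who run the generator on the shipped defaults get byte-identical output.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrNeedReset is returned while a context still carries only its defaults.
var ErrNeedReset = errors.New("cprng: context must be reset (seeded) before use")

// Constructed "known values for testing"; made up for this example, not the
// kernel's vectors. Anyone who can read this source can predict output made
// from them.
var (
	defaultKey = []byte("0123456789abcdef") // AES-128 key
	defaultV   = []byte("fedcba9876543210") // seed V
	defaultDT  = []byte("0000000000000000") // date/time vector DT
)

// CPRNG is an ANSI X9.31-style generator over a 16-byte block cipher.
type CPRNG struct {
	blk       cipher.Block
	v, dt     [aes.BlockSize]byte
	needReset bool
}

// NewCPRNG loads the defaults but sets needReset, which is the safety
// measure the patch adds: the first GetBytes fails until a reseed happens.
func NewCPRNG() (*CPRNG, error) {
	c := &CPRNG{}
	if err := c.load(defaultKey, defaultV, defaultDT); err != nil {
		return nil, err
	}
	c.needReset = true
	return c, nil
}

func (c *CPRNG) load(key, v, dt []byte) error {
	if len(v) != aes.BlockSize || len(dt) != aes.BlockSize {
		return errors.New("cprng: V and DT must be one AES block")
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	c.blk = blk
	copy(c.v[:], v)
	copy(c.dt[:], dt)
	return nil
}

// Reset installs caller-chosen key, V and DT and clears the reset flag.
func (c *CPRNG) Reset(key, v, dt []byte) error {
	if err := c.load(key, v, dt); err != nil {
		return err
	}
	c.needReset = false
	return nil
}

// ResetRandom seeds all three inputs from the OS entropy source.
func (c *CPRNG) ResetRandom() error {
	seed := make([]byte, 3*aes.BlockSize)
	if _, err := rand.Read(seed); err != nil {
		return err
	}
	return c.Reset(seed[:16], seed[16:32], seed[32:48])
}

func xorBlock(a, b [aes.BlockSize]byte) (out [aes.BlockSize]byte) {
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return
}

// GetBytes returns n bytes, refusing while needReset is set.
func (c *CPRNG) GetBytes(n int) ([]byte, error) {
	if c.needReset {
		return nil, ErrNeedReset
	}
	out := make([]byte, 0, n+aes.BlockSize)
	for len(out) < n {
		var i, r, t [aes.BlockSize]byte
		c.blk.Encrypt(i[:], c.dt[:]) // I = E_K(DT)
		t = xorBlock(i, c.v)
		c.blk.Encrypt(r[:], t[:]) // R = E_K(I ^ V)
		t = xorBlock(r, i)
		c.blk.Encrypt(c.v[:], t[:]) // V' = E_K(R ^ I)
		for k := aes.BlockSize - 1; k >= 0; k-- { // DT as a big-endian counter (simplification)
			if c.dt[k]++; c.dt[k] != 0 {
				break
			}
		}
		out = append(out, r[:]...)
	}
	return out[:n], nil
}

// outputWithDefaults models an unpatched context: the generator run on the
// shipped defaults, as a careless user (or an attacker) would.
func outputWithDefaults(n int) ([]byte, error) {
	c := &CPRNG{}
	if err := c.Reset(defaultKey, defaultV, defaultDT); err != nil {
		return nil, err
	}
	return c.GetBytes(n)
}

// DefaultsArePredictable reports whether two users of the defaults obtain
// byte-identical output; they do, because the defaults fully determine it.
func DefaultsArePredictable() (bool, error) {
	a, err := outputWithDefaults(64)
	if err != nil {
		return false, err
	}
	b, err := outputWithDefaults(64)
	return err == nil && bytes.Equal(a, b), err
}

// UnseededIsRefused reports whether a fresh context rejects GetBytes.
func UnseededIsRefused() bool {
	c, err := NewCPRNG()
	if err != nil {
		return false
	}
	_, err = c.GetBytes(16)
	return errors.Is(err, ErrNeedReset)
}

// FreshSeedsDiverge reports whether two contexts reseeded from the OS
// produce different streams.
func FreshSeedsDiverge() (bool, error) {
	var out [2][]byte
	for i := range out {
		c, err := NewCPRNG()
		if err != nil {
			return false, err
		}
		if err = c.ResetRandom(); err != nil {
			return false, err
		}
		if out[i], err = c.GetBytes(64); err != nil {
			return false, err
		}
	}
	return !bytes.Equal(out[0], out[1]), nil
}

func main() {
	p, _ := DefaultsArePredictable()
	d, _ := FreshSeedsDiverge()
	fmt.Printf("defaults predictable: %v, unseeded refused: %v, fresh seeds diverge: %v\n",
		p, UnseededIsRefused(), d)
}
```

The three report functions correspond to the three claims in the commit message: known inputs give known output, a freshly allocated context now cannot be used until reseeded, and once reseeded with caller-chosen inputs the streams are no longer shared. The defaults remain usable for testing by calling `Reset` with them explicitly, which is exactly the deliberate act the patch wants to require.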