On Sat, Apr 18, 2015 at 04:04:14AM +0200, Stephan Mueller wrote:
>
> However, the only serious solution I can offer to not block is to use my
> Jitter RNG which delivers entropy in (almost all) use cases. See [1]. The code
> is relatively small and does not have any dependencies. In this case
On Saturday, 18 April 2015, 09:36:18, Herbert Xu wrote:
Hi Herbert,
> On Sat, Apr 18, 2015 at 03:32:03AM +0200, Stephan Mueller wrote:
> > In any case, I am almost ready with the patch for an async seeding.
> > Though, I want to give it a thorough testing.
>
> I don't see the point of async see
On Sat, Apr 18, 2015 at 03:32:03AM +0200, Stephan Mueller wrote:
>
> In any case, I am almost ready with the patch for an async seeding. Though, I
> want to give it a thorough testing.
I don't see the point of async seeding, unless you're also making
all generate calls block until the seeding is
On Saturday, 18 April 2015, 09:27:44, Herbert Xu wrote:
Hi Herbert,
> On Fri, Apr 17, 2015 at 03:22:56PM +0200, Stephan Mueller wrote:
> > > The only reason someone would use this is to comply with the
> > > standard and this is what the standard requires so I don't see
> > > how we can do anyth
On Fri, Apr 17, 2015 at 03:22:56PM +0200, Stephan Mueller wrote:
>
> > The only reason someone would use this is to comply with the
> > standard and this is what the standard requires so I don't see
> > how we can do anything else.
>
> I do not see a definite quality requirement of the seed source
to see the difference between the current default
> > stdrng (krng -- which is just get_random_bytes in disguise). Thus, the
> > current situation with the DRBG seeding is not different from the
> > non-DRBG use case.
> The difference is that krng doesn't have to satisfy an
default stdrng
> (krng -- which is just get_random_bytes in disguise). Thus, the current
> situation with the DRBG seeding is not different from the non-DRBG use case.
The difference is that krng doesn't have to satisfy any standard.
Cheers,
--
Email: Herbert Xu
Home Page: http:/
(and
with long I mean not just seconds, but minutes).
Furthermore, I fail to see the difference between the current default stdrng
(krng -- which is just get_random_bytes in disguise). Thus, the current
situation with the DRBG seeding is not different from the non-DRBG use case.
Therefore, I
On Fri, Apr 17, 2015 at 03:19:17AM +0200, Stephan Mueller wrote:
>
> 1. during initialization of a DRBG instance, seed from get_random_bytes to
> have a DRBG state that is seeded and usable.
I think we either need to use real entropy and block, or mark
the DRBG unusable until such a time that it
On Thursday, 16 April 2015, 19:11:18, Andreas Steffen wrote:
Hi Andreas,
> Hi Stephan,
>
> in my opinion you definitively have to seed the DRBG with true
> entropy from /dev/random. This is what we are currently doing
> in userland with the strongSwan DRBG needed for the post-quantum
> NTRU-
Hi Stephan,
in my opinion you definitively have to seed the DRBG with true
entropy from /dev/random. This is what we are currently doing
in userland with the strongSwan DRBG needed for the post-quantum
NTRU-based key exchange algorithm. The NIST SP800-90A spec defines
a parameter which estimates
On Thursday, 16 April 2015, 23:26:18, Herbert Xu wrote:
Hi Herbert,
>On Thu, Apr 16, 2015 at 05:07:20PM +0200, Stephan Mueller wrote:
>> I do not see a specific requirement in SP800-90A about the quality of the
>> noise source.
>
>Well it explicitly says that you cannot use a DRBG. In the wo
On Thu, Apr 16, 2015 at 05:07:20PM +0200, Stephan Mueller wrote:
>
> I do not see a specific requirement in SP800-90A about the quality of the
> noise source.
Well it explicitly says that you cannot use a DRBG. In the worst
case get_random_bytes is completely deterministic.
> That said, I alre
On Thursday, 16 April 2015, 22:36:17, Herbert Xu wrote:
Hi Herbert,
>Hi Stephan:
>
>Currently DRBG is seeded with entropy from get_random_bytes.
>However, get_random_bytes is basically the kernel version of
>/dev/urandom. So there is no guarantee that you're actually
>getting the amount of e
Hi Stephan:
Currently DRBG is seeded with entropy from get_random_bytes.
However, get_random_bytes is basically the kernel version of
/dev/urandom. So there is no guarantee that you're actually
getting the amount of entropy required.
Are you sure this is compliant with the DRBG specification?
C