[dm-crypt] NIST random number generators
michael at kjorling.se
Mon Apr 3 13:37:11 CEST 2017
On 3 Apr 2017 11:21 +0000, from shoutchen at curtisswright.com (Houtchen, Steven):
> Does LUKs have a NIST SP 800-90Ar1 DRBG??
I'm pretty sure LUKS or dm-crypt has no random number generation code
of its own at all; it's just not its job.
> If we need to use some other DRBG, would it be pretty simple to use that
> Instead of /dev/random or /dev/urandom?
Probably; I'd suspect if you grep the source code for /dev/u?random
you will find the list of places you need to change. If you do, at
least consider making the change generic enough to read from a random
number device name supplied on the command line and submit that as a
> This e-mail and any files transmitted with it are proprietary and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have reason to believe that you have received
> this e-mail in error, please notify the sender and destroy this
> e-mail and any attached files. Please note that any views or
> opinions presented in this e-mail are solely those of the author and
> do not necessarily represent those of the Curtiss-Wright Corporation
> or any of its subsidiaries. Documents attached hereto may contain
> technology subject to government export regulations. Recipient is
> solely responsible for ensuring that any re-export, transfer or
> disclosure of this information is in accordance with applicable
> government export regulations. The recipient should check this
> e-mail and any attachments for the presence of viruses.
> Curtiss-Wright Corporation and its subsidiaries accept no liability
> for any damage caused by any virus transmitted by this e-mail.
How nice. Please stop sending garbage like this when you post to
public, publicly archived, mailing lists. To within experimental
error, nobody here cares about it. The fact that it is easily twice as
long as the _relevant_ content of your post doesn't help.
Not making your e-mail four times the size it needs to be by sending
along a HTML copy would also be courteous.
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
More information about the dm-crypt