[dm-crypt] NIST random number generators
gmazyland at gmail.com
Mon Apr 3 14:06:35 CEST 2017
On 04/03/2017 01:21 PM, Houtchen, Steven wrote:
> Does LUKs have a NIST SP 800-90Ar1 DRBG?? We are trying use use LUKS
If compiled on RHEL (there is more requirements for FIPS 140 than just RNG)
and running in FIPS mode, then it is using proper FIPS RNG
(through gcrypt), otherwise it just use /dev/[u]random.
> but need to maybe replace /dev/urandom and/or /dev/random
> to be able to get some certifications for our equipment.
You can compile it that it uses /dev/random by default, see
configure switch --enable-dev-random.
You can change it during runtime as well, see --use-random switch
Cryptsetup will never ever implement own RNG.
More information about the dm-crypt