[dm-crypt] NIST random number generators

Milan Broz gmazyland at gmail.com
Mon Apr 3 14:06:35 CEST 2017


On 04/03/2017 01:21 PM, Houtchen, Steven wrote:
> All,
> 
> Does LUKS have a NIST SP 800-90Ar1 DRBG?? We are trying to use LUKS

If compiled on RHEL (there are more requirements for FIPS 140 than just the RNG)
and running in FIPS mode, then it is using a proper FIPS RNG
(through gcrypt), otherwise it just uses /dev/[u]random.

> but need to maybe replace /dev/urandom and/or /dev/random
> to be able to get some certifications for our equipment.

You can compile it so that it uses /dev/random by default, see the
configure switch --enable-dev-random.

You can change it at runtime as well, see the --use-random switch.

Cryptsetup will never ever implement its own RNG.

Milan

