svn commit: r284959 - in head: . share/man/man4 share/man/man9 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/syscons sys/dev/ubsec sys/dev/virtio/random sy...

Thu Jul 2 19:13:55 UTC 2015

On 2 July 2015 at 11:55, Simon J. Gerraty <sjg at juniper.net> wrote:
> Mark R V Murray <markm at freebsd.org> wrote:
>> If so, can I confirm that you may be rolling your own non-Yarrow/Fortuna
>> mixer(s)?
>
> AFAIK no mixer allowed; just direct SP800-90 compliant HMAC-DRBG.
> You can probably guess why we don't agree that's a brilliant arrangement
> but its not an argument we can win.
>
> Same would apply for anyone else doing FIPS 140 evaled products.

Could we please get something like this implemented in upstream
FreeBSD? I'm sure a number of vendors would like to see a (not by
default) FIPS-140 random number generator provided. It'd certainly be
a good check list item for people evaluating the use of freebsd in an
appliance.

Thanks,

-a