drbg: strength is initialized before check?
kriskwiatkowski opened this issue · comments
Kris Kwiatkowski commented
Seems like a bug:
// Minimum entropy input (SP800-90A, 10.2.1)
if len(entropy) < int(c.strength/8) {
return false
}
// Security strength for AES-256 as per SP800-57, 5.6.1
c.strength = 256