<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 06/27/2017 02:28 AM, Matt Caswell wrote:<br>
<blockquote type="cite"
cite="mid:97aef447-9dfd-5479-c4df-08d2c62ea8f1@openssl.org">
<pre wrap="">
On 26/06/17 21:18, Kurt Roeckx wrote:
</pre>
<br>
<blockquote type="cite">
<pre wrap="">I think it should by default be provided by the OS, and I don't
think any OS is documenting how much randomness it can provide.
</pre>
</blockquote>
<pre wrap="">
I also agree that, by default, using the OS provided source makes a lot
of sense.
</pre>
</blockquote>
<br>
Do you mean having openssl just pass through to
getrandom()/read()-from-'/dev/random'/etc. or just using those to
seed our own thing?<br>
<br>
The former seems simpler and preferable to me (perhaps modulo
linux's broken idea about "running out of entropy"), but the
argument presented about us being used in all sorts of environments
that we can't even enumerate has basically convinced me that we will
need to provide some alternative as well. (It remains unclear how
such environments will be able to provide usable seed randomness,
but there is only so much we can do about that.)<br>
<br>
-Ben<br>
</body>
</html>