[openssl-dev] Improving OpenSSL default RNG
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Fri Oct 23 14:34:11 UTC 2015
Hi,
I have a related question concerning alternative RNGs, hope it is not too off-topic:
Currently we are using the NIST-SP800-90a compliant DRBG (FIPS_drbg_method()), because it seemed to us to be more
sophisticated and mature than the default RAND_SSLeay(). At least it's better documented and tested.
Currently this DRBG is only available through the FIPS object module, so you need to build a FIPS capable OpenSSL library in
order to use it.
Shouldn't the FIPS DRBG code be added to the normal code base in master, too, as an alternative RNG implemtation?
Or is the NIST-SP800-90a DRG construction already obsolete outside of FIPS world?
Regards,
Matthias
More information about the openssl-dev
mailing list