[openssl-dev] Improving OpenSSL default RNG

Marcus Meissner meissner at suse.de
Sat Oct 24 15:55:44 UTC 2015


On Fri, Oct 23, 2015 at 07:19:11PM +0200, Alessandro Ghedini wrote:
> On Fri, Oct 23, 2015 at 04:34:11PM +0200, Dr. Matthias St. Pierre wrote:
> > 
> > Hi,
> > 
> > I have a related question concerning alternative RNGs, hope it is not too
> > off-topic:
> > 
> > Currently we are using the NIST-SP800-90a compliant DRBG (fips_drbg_method()),
> > because it seemed to us to be more sophisticated and mature than the default
> > RAND_SSLeay(). At least it's better documented and tested.
> > 
> > Currently this DRBG is only available through the FIPS object module, so you
> > need to build a FIPS capable OpenSSL library in order to use it.
> > 
> > Shouldn't the FIPS DRBG code be added to the normal code base in master, too,
> > as an alternative RNG implementation? Or is the NIST-SP800-90a DRBG construction
> > already obsolete outside of FIPS world?
> 
> FWIW, the FIPS module was recently removed, so FIPS_drbg_method() is not present
> in master anymore. I think there are plans to reimplement the whole thing, but
> I don't know anything about that.
> 
> In general the NIST DRBGs seem fairly complicated (or completely untrustworthy
> like Dual EC DRBG), so I'd rather have a different implementation as default
> RNG for OpenSSL.

Well, the Dual EC has been removed from the guidance.

The other 3 modes described in NIST 800-90a make sense though. I suggest reading
the standard; the main things making it long are all the error handling and
reseeding strategies.

Ciao, Marcus
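To make the "error handling and reseeding strategies" concrete, here is an added example of one of the three remaining SP 800-90A constructions, HMAC_DRBG (section 10.1.2) instantiated with SHA-256, written for this thread and not taken from OpenSSL or the FIPS module. It follows the standard's Update/Instantiate/Reseed/Generate steps and the limits from its Table 2 (entropy at least the security strength, nonce at least half of it, at most 2^19 bits per request, reseed interval at most 2^48); the reseed interval of 2 in the demo and the fixed byte strings used as "entropy" are constructed test values, not a real seed source.

```python
"""HMAC_DRBG (NIST SP 800-90A, section 10.1.2) with SHA-256, including the
reseed counter and the input checks the standard requires.

Added illustration for the openssl-dev thread, not OpenSSL code.
The entropy and nonce bytes in demo() are constructed constants so the
demo is deterministic; a real instantiation must draw them from an
entropy source."""
import hashlib
import hmac

OUTLEN = 32                              # SHA-256 output size in bytes
SECURITY_STRENGTH = 256                  # bits; HMAC_DRBG/SHA-256 supports up to 256
MIN_ENTROPY = SECURITY_STRENGTH // 8     # entropy_input >= security_strength
MIN_NONCE = SECURITY_STRENGTH // 16      # nonce >= security_strength / 2
MAX_BYTES_PER_REQUEST = (1 << 19) // 8   # max_number_of_bits_per_request = 2^19
MAX_RESEED_INTERVAL = 1 << 48            # reseed_interval <= 2^48 requests


class DRBGError(ValueError):
    """Caller violated a limit from SP 800-90A (bad lengths, oversize request)."""


class ReseedRequired(Exception):
    """Generate refused: reseed_counter exceeded reseed_interval."""


class HmacDrbg:
    def __init__(self, entropy_input, nonce, personalization=b"",
                 reseed_interval=MAX_RESEED_INTERVAL):
        # Instantiate_algorithm (10.1.2.3) with the length checks from 9.1
        if len(entropy_input) < MIN_ENTROPY:
            raise DRBGError("entropy_input shorter than security strength")
        if len(nonce) < MIN_NONCE:
            raise DRBGError("nonce shorter than half the security strength")
        if not 1 <= reseed_interval <= MAX_RESEED_INTERVAL:
            raise DRBGError("reseed_interval out of range")
        self.reseed_interval = reseed_interval
        self._key = b"\x00" * OUTLEN
        self._v = b"\x01" * OUTLEN
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, provided_data=b""):
        # HMAC_DRBG_Update (10.1.2.2); the second half only runs when data is given
        self._key = self._hmac(self._v + b"\x00" + provided_data)
        self._v = self._hmac(self._v)
        if not provided_data:
            return
        self._key = self._hmac(self._v + b"\x01" + provided_data)
        self._v = self._hmac(self._v)

    def reseed(self, entropy_input, additional_input=b""):
        # Reseed_algorithm (10.1.2.4): fresh entropy, counter back to 1
        if len(entropy_input) < MIN_ENTROPY:
            raise DRBGError("entropy_input shorter than security strength")
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n, additional_input=b""):
        # Generate_algorithm (10.1.2.5): request limit first, then reseed check
        if n > MAX_BYTES_PER_REQUEST:
            raise DRBGError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.reseed_interval:
            raise ReseedRequired("reseed_interval reached; call reseed()")
        if additional_input:
            self._update(additional_input)
        temp = b""
        while len(temp) < n:
            self._v = self._hmac(self._v)
            temp += self._v
        self._update(additional_input)      # runs even for empty additional_input
        self.reseed_counter += 1
        return temp[:n]


def demo():
    """Exercise generate/reseed with a tiny reseed interval. Constructed inputs."""
    entropy = bytes(range(32))              # constructed, NOT real entropy
    nonce = bytes(range(100, 116))          # constructed, NOT a real nonce
    drbg = HmacDrbg(entropy, nonce, b"openssl-dev demo", reseed_interval=2)
    first = drbg.generate(48)
    second = drbg.generate(48)
    try:
        drbg.generate(48)                   # third request: counter is now 3 > 2
        raise RuntimeError("generate should have demanded a reseed")
    except ReseedRequired:
        pass
    drbg.reseed(bytes(range(32, 64)))       # constructed replacement entropy
    third = drbg.generate(48)
    return first, second, third


if __name__ == "__main__":
    for block in demo():
        print(block.hex())
```

The point the message makes is visible in the code: the HMAC core is four lines, and everything else is the bookkeeping the standard prescribes, which is what an implementation in a general-purpose library has to get right.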

