[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes
paul.dale@oracle.com via RT
rt at openssl.org
Tue Jan 12 04:02:11 UTC 2016
On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote:
> There's also the part where asking 'openssl rand' for gigabytes of data
> is not necessarily a good idea -- I believe in the default configuration
> on unix, it ends up reading 32 bytes from /dev/random and using that to
> seed EAY's md_rand.c scheme, which is not exactly a state-of-the-art
> CSPRNG these days...
This matches my understanding, although I thought these bytes would be read from /dev/urandom first.
The unwritten but implied part is that, in the default configuration, the deterministic generator is never reseeded -- those 32 bytes are all the entropy it will ever get.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
More information about the openssl-dev
mailing list