[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

Ole Tange via RT rt at openssl.org
Wed Jan 13 00:22:01 UTC 2016


On Tue, Jan 12, 2016 at 4:58 PM, Viktor Dukhovni via RT <rt at openssl.org> wrote:
>
>> On Jan 12, 2016, at 6:35 AM, Ole Tange via RT <rt at openssl.org> wrote:
>>
>> May I suggest the bug also becomes a wish for support for > 2GB
>> numbers, as that is what the user originally wanted?
>
> key=$(openssl rand -hex 16)
> iv=$(openssl rand -hex 16)
> cat /dev/zero | openssl enc -aes-128-cbc -K $key -iv $iv
>
> is a better way to produce a random stream of arbitrary length,
> it is also hardware accelerated (AESNI) on many systems.

Great. But the normal user does not know this, and it is so complex
that even an advanced user like me will have to look it up every time.
Is there any reason why the above is not run instead of what `openssl
rand` runs today?

In other words: Why not change `openssl rand` to run what you would
recommend people run anyway?


/Ole
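
Added example, not part of the original message or of OpenSSL itself: a shell wrapper around the key/IV/`openssl enc` pipeline quoted above that emits exactly N bytes, including counts above 2 GB. The function name `rand_stream` and the use of `head -c` to cut the stream are assumptions of this example.

```shell
# rand_stream N: write exactly N pseudorandom bytes to stdout.
# Hypothetical helper wrapping the quoted pipeline, e.g.:
#   rand_stream 10000000000 > random.bin
rand_stream() {
    n=$1
    # Accept only a plain non-negative decimal byte count.
    case $n in
        ''|*[!0-9]*) echo "usage: rand_stream BYTES" >&2; return 2 ;;
    esac
    command -v openssl >/dev/null 2>&1 || {
        echo "rand_stream: openssl not found" >&2
        return 1
    }

    # Fresh 128-bit key and IV on every call, so no two streams repeat.
    key=$(openssl rand -hex 16) || return 1
    iv=$(openssl rand -hex 16) || return 1

    # CBC over all-zero plaintext gives C_i = E_k(C_{i-1}) with C_0 = IV,
    # so the cipher is chained on its own output. Because -K and -iv are
    # given, no password is derived and no "Salted__" header is written.
    # The key and IV are visible in the process argument list while
    # openssl runs; they are throwaway values used for this stream only.
    # head -c ends the endless stream; openssl then exits on SIGPIPE,
    # which is expected, so its exit status and stderr are discarded.
    { openssl enc -aes-128-cbc -K "$key" -iv "$iv" </dev/zero 2>/dev/null || true; } |
        head -c "$n"
}
```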



