[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes
Hubert Kario via RT
rt at openssl.org
Wed Jan 13 13:28:41 UTC 2016
On Tuesday 12 January 2016 15:58:59 Viktor Dukhovni via RT wrote:
> > On Jan 12, 2016, at 6:35 AM, Ole Tange via RT <rt at openssl.org>
> > wrote:
> >
> > On Tue, Jan 12, 2016 at 7:02 AM, Rich Salz via RT <rt at openssl.org>
wrote:
> >> Fixed in bd4850df648bee9d8e0595b7e1147266e6f55a3e
> >
> > Great to see.
> >
> > May I suggest the bug also becomes a wish for support for > 2GB
> > numbers, as that is what the user originally wanted?
>
> key=$(openssl rand -hex 16)
> iv=$(openssl rand -hex 16)
> cat /dev/zero | openssl enc -aes-128-cbc -K $key -iv $iv
>
> is a better way to produce a random stream of arbitrary length,
> it is also hardware accelerated (AESNI) on many systems.
I would upgrade that to aes-128-ctr, but it's not bad per-se
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160113/ef2fb0b0/attachment.sig>
More information about the openssl-dev
mailing list