[openssl-dev] Work on a new RNG for OpenSSL

Salz, Rich rsalz at akamai.com
Mon Aug 14 16:49:34 UTC 2017


>>> 3. What should I do if I want a given source to be used in addition to the other sources, regardless of whether openssl thinks it got “enough bits” of randomness or not?

>> Modify the source :)
    
>    Very bad answer. 

And also a wrong one.  Your application can always call RAND_add().  Sorry for mistake.
    
> I have no problem reading the source code. I do have a problem with (a) important decisions like this not “formalized” and documented, and (b) mechanisms to tune the RNG seeding not provided and clearly and comprehensively documented.
   
This is a mostly volunteer open source project.  We are unlikely to commit to something that requires so much effort when, frankly, most of the consumers aren’t interested, or qualified, to make an assessment.  I am sorry if that sounds obnoxious or conceited.  It shouldn’t; there are many things that I know I’m not qualified to comment on :)  And also, we reserve the right to make changes.

I expect that the FIPS project, just starting, will be of interest to you. 



More information about the openssl-dev mailing list