[openssl-dev] Work on a new RNG for OpenSSL

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Aug 14 17:44:58 UTC 2017


>>> Modify the source :)
>>
>> Very bad answer.
>
> And also a wrong one.  Your application can always call RAND_add().  Sorry for mistake.

And this is a very good answer. Perhaps this guidance deserves to be documented somewhere besides this mailing list? Something along the lines of

“RNG seed sources can be set by --with-rand-seed. ‘os’ is the default source. Sources are tried until enough bits of randomness have been collected. If you want to mix data from a particular source into the seed, but don’t want to make that source exclusive, use the RAND_add() method.”
   
 > This is a mostly volunteer open source project. 

Yeah, I realize and appreciate that.

> We are unlikely to commit to something that requires so much effort

I’m not sure I agree here. What effort are you talking about? In order to select an order in which available sources are queried, the developers had to think (hopefully :). Those thoughts could be documented in a few lines of text.

> when, frankly, most of the consumers aren’t interested, or qualified, to make an assessment.

So they’ll be happy with the default. Fine with me. ;-)

>  I am sorry if that sounds obnoxious or conceited.  It shouldn’t; there are many things that I know I’m not qualified to comment on :)  And also, we reserve the right to make changes.

No offense taken. But you “freeze” the interface to and behavior of ciphers and cipher modes, for example. This (how you seed the RNG that provides keys to those) is at least equally important. It’s not a minute detail that nobody should care about or nose in.

So while the team clearly has the right to make changes (especially before the interface became public ;), I’d rather that such changes be guided by informed consent from the public (such as yours truly ;).
    
> I expect that the FIPS project, just starting, will be of interest to you.

Thank you – indeed it is of interest. (Though I see FIPS more as a curse than as a blessing ;-).
 
One important thing I missed earlier:

>  We also added a separate global DRBG for private key generation and added API’s to use it.
> This object isn’t reachable directly, but it is used by the new BN_priv_rand and BN_priv_rand_range API’s.
> Those API’s, in turn, are used by all private-key generating functions.

I think it is *imperative* for a user to be able to RAND_add() to the DRBG that generates private keys. I cannot emphasize enough how critical this is.
