[openssl-dev] Work on a new RNG for OpenSSL
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Sun Aug 20 03:10:53 UTC 2017
Offhand, I'd say it's a perfect solution. It allows me to mix in additional randomness when I want to the RNG that I think may need it. Exactly what I need.
Thanks!
P.S. I wonder if it's feasible to have a configuration parameter that would allow me to tell the TLS code to invoke RAND_add_ex() before generating session keys?
Regards,
Uri
Sent from my iPhone
> On Aug 18, 2017, at 19:42, Salz, Rich via openssl-dev <openssl-dev at openssl.org> wrote:
>
> ➢ But I’d like the development team to comment on (and ideally – accept) my request to add RAND_add() method to the RNG that is used in generation of private keys.
>
> Well, I’ve been thinking about this for a bit, since you first raised it. I am still not sure of the need. And as the blog post says, we’re not convinced that the current DRBG arrangement is something that will never change. But I think a new API, RAND_add_ex that took a flag that had values like RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE, RAND_LOCAL_PRIVATE indicating which to seed. Thoughts?
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4223 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170820/b6f03576/attachment-0001.bin>
More information about the openssl-dev
mailing list