[openssl-dev] Work on a new RNG for OpenSSL

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Aug 21 16:20:50 UTC 2017


>    I at least have a plan to add additional data, but probably not in
>    the current idea was probably not the way you would like to see it.

:-)  

>    My idea was to query at least various sources that we don't
>    attribute any entropy to, like getpid(), gettimeofday(),
>    clock_gettime(), the TSC, ...

From my point of view – adding these doesn’t add a whole lot, but it doesn’t hurt. IMHO – add away. ;-)

>    It might also use things like RDRAND / RDSEED which we don't trust.

Some don’t trust these, some think that they would add a good amount of entropy. I for one would certainly like to see the output of these mixed in. From a cryptography point of view, it cannot hurt, but may help a lot. Consider it as a lottery ticket you don’t have to pay for. ;-)
    
>    So I guess you want an interface that can both add things to the
>    "entropy" pool, and to the "additional data" pool?

That is correct. Especially because some of us have “real” nice/fancy hardware RNG (TRNG) available, and some like to mix in the output from RNGs on hardware tokens - maybe not as impressive as a “real” fancy TRNG, but as they say, every bit helps – in this case literally.

> It shouldn't be that hard, I'll try to come up with some proposal soon.
    
Thank you!!
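As an added illustration of the two interfaces discussed above (not code from this thread or from OpenSSL): an HMAC_DRBG in the shape of SP 800-90A with SHA-256, where entropy input is credited and only ever enters through instantiate/reseed, while uncredited sources such as the pid, a clock and an RDRAND-style value enter as additional input. The `uncredited_sources` helper, its `os.urandom` stand-in for a hardware source and the `demo` driver are constructed for this example.

```python
import hmac, hashlib, os, time

class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A shape, SHA-256). entropy_input is credited
    and (re)seeds the state; additional_input is mixed in but never credited."""

    def __init__(self, entropy_input: bytes, nonce: bytes = b"", pers: bytes = b""):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(entropy_input + nonce + pers)   # Instantiate
        self.reseed_counter = 1

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into (K, V); steps 3-5 only if non-empty
        self.K = hmac.new(self.K, self.V + b"\x00" + provided, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if provided:
            self.K = hmac.new(self.K, self.V + b"\x01" + provided, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # The only path that carries credited entropy and resets the reseed counter.
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        # additional_input is mixed in before and after output; it earns no credit.
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]

def uncredited_sources() -> bytes:
    # Stand-ins for the sources named in the thread (pid, clock, RDRAND-like value):
    # cheap and possibly predictable, so they are fed in as additional input only.
    rdrand_stub = os.urandom(8)  # constructed placeholder for a hardware source
    return (os.getpid().to_bytes(8, "big")
            + time.time_ns().to_bytes(8, "big")
            + rdrand_stub)

def demo(seed: bytes) -> tuple:
    # Same credited seed; only the second instance also mixes in uncredited data.
    a, b = HmacDrbg(seed), HmacDrbg(seed)
    plain = a.generate(32)
    mixed = b.generate(32, additional_input=uncredited_sources())
    return plain, mixed, a.reseed_counter, b.reseed_counter
```

With identical seed and identical additional input the two instances agree byte for byte, so the extra data changes nothing about determinism or testability; it only diversifies the state, and the reseed counter shows it was not counted as entropy.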