[openssl-dev] Plea for a new public OpenSSL RNG API

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Aug 29 18:50:37 UTC 2017


On 8/29/17, 12:45, "openssl-dev on behalf of Salz, Rich via openssl-dev" <openssl-dev-bounces at openssl.org on behalf of openssl-dev at openssl.org> wrote:

    ➢ Another problem with the current implementation is that the
    ➢ randomness parameter that's now given to RAND_add() is just
    ➢ ignored; it assumes it's the same as the length.

    For what it’s worth, this was done deliberately, to make RAND_add and RAND_seed equivalent.

    I am skeptical of the ability to get that estimate correct.

    On GH there is a conversation thread about turning that into a percentage, which seems like the best thing to do for any new API.


What’s the point of having this potentially harmful parameter? If it weren’t ignored – how would OpenSSL use it?

If, based on its value, OpenSSL may decide that it now got “enough” entropy and doesn’t need to pull more from other sources before serving randomness to requestors – then it is harmful. “Over-confidence” in this value by the caller can negatively impact the quality of the produced random numbers.

If this value is not used to guide OpenSSL when to stop pulling entropy sources and start serving randomness – then it causes no harm, but what’s its purpose?

IMHO this interface is a way for the user to improve the quality of the randomness it would get from the given RNG, *not* to replace (or diminish) its other sources. My proposal is to abolish this parameter, especially since now it is simply ignored (and IMHO – for a good reason).
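To make the three positions in this exchange concrete (trust the caller's randomness estimate; ignore it and treat RAND_add like RAND_seed; treat RAND_add as supplemental input that never by itself makes the RNG "seeded"), here is an added toy model. It is not OpenSSL's code and does not describe how OpenSSL's RNG is implemented; the 256-bit seeding threshold, the FNV-style mixer, the `model_*` function names and the constructed inputs are all assumptions made for illustration. The only thing it borrows from the thread is the shape of `RAND_add(buf, num, randomness)` and the RAND_status-style seeded check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an RNG's entropy accounting. NOT OpenSSL's RNG: it only shows
 * how the "seeded" decision changes with what RAND_add()'s third argument is
 * allowed to influence. Threshold, mixer and names are assumptions. */
#define SEED_THRESHOLD_BITS 256u

typedef enum {
    POLICY_TRUST_CALLER,    /* credit what the caller claims (capped at num*8) */
    POLICY_IGNORE_ESTIMATE, /* credit num*8: RAND_add() behaves like RAND_seed() */
    POLICY_SUPPLEMENT_ONLY  /* mix bytes in, credit nothing; only trusted sources count */
} policy_t;

typedef struct {
    policy_t policy;
    unsigned credited_bits; /* entropy the RNG believes it has collected */
    uint64_t pool;          /* toy mixing state standing in for real DRBG state */
} model_rng;

/* FNV-1a style byte mixer: enough to show bytes are absorbed under every policy. */
static void mix(model_rng *r, const unsigned char *buf, size_t num)
{
    for (size_t i = 0; i < num; i++)
        r->pool = (r->pool ^ buf[i]) * 0x100000001b3ULL;
}

void model_init(model_rng *r, policy_t p)
{
    memset(r, 0, sizeof *r);
    r->policy = p;
    r->pool = 0xcbf29ce484222325ULL;
}

/* Same shape as RAND_add(buf, num, randomness): randomness is the caller's
 * estimate, in bytes, of how much entropy buf contains. */
void model_add(model_rng *r, const void *buf, int num, double randomness)
{
    if (num <= 0)
        return;
    mix(r, buf, (size_t)num);
    switch (r->policy) {
    case POLICY_TRUST_CALLER: {
        double bits = randomness * 8.0;
        if (bits < 0.0)
            bits = 0.0;
        if (bits > num * 8.0) /* cannot hold more entropy than bytes supplied */
            bits = num * 8.0;
        r->credited_bits += (unsigned)bits;
        break;
    }
    case POLICY_IGNORE_ESTIMATE:
        r->credited_bits += (unsigned)num * 8u;
        break;
    case POLICY_SUPPLEMENT_ONLY:
        break; /* output quality may improve; the RNG's confidence does not */
    }
}

/* Input from a source the RNG itself trusts (e.g. the OS), credited by the
 * RNG's own estimate rather than the application's. */
void model_trusted_source(model_rng *r, const void *buf, int num, unsigned bits)
{
    if (num <= 0)
        return;
    mix(r, buf, (size_t)num);
    if (bits > (unsigned)num * 8u)
        bits = (unsigned)num * 8u;
    r->credited_bits += bits;
}

/* Analogue of RAND_status(): 1 once the RNG would start serving output. */
int model_status(const model_rng *r)
{
    return r->credited_bits >= SEED_THRESHOLD_BITS;
}

/* Scenario 1: an over-confident caller feeds 32 constant bytes (constructed
 * input with zero real entropy) and claims claimed_bytes of randomness. */
int status_after_caller_add(policy_t p, double claimed_bytes)
{
    model_rng r;
    unsigned char constant[32];
    memset(constant, 0, sizeof constant);
    model_init(&r, p);
    model_add(&r, constant, (int)sizeof constant, claimed_bytes);
    return model_status(&r);
}

/* Scenario 2: the same over-confident call, then 32 bytes from the RNG's own
 * trusted source (constructed stand-in for OS output, credited at 256 bits). */
int status_after_trusted_source(policy_t p)
{
    model_rng r;
    unsigned char constant[32], os_bytes[32];
    memset(constant, 0, sizeof constant);
    for (unsigned i = 0; i < sizeof os_bytes; i++)
        os_bytes[i] = (unsigned char)(i * 37u + 11u);
    model_init(&r, p);
    model_add(&r, constant, (int)sizeof constant, 32.0);
    model_trusted_source(&r, os_bytes, (int)sizeof os_bytes, 256u);
    return model_status(&r);
}

int main(void)
{
    printf("trust caller, claims 32 on constant:  seeded=%d\n", status_after_caller_add(POLICY_TRUST_CALLER, 32.0));
    printf("ignore estimate, claims 0 on constant: seeded=%d\n", status_after_caller_add(POLICY_IGNORE_ESTIMATE, 0.0));
    printf("supplement only, claims 32 on constant: seeded=%d\n", status_after_caller_add(POLICY_SUPPLEMENT_ONLY, 32.0));
    printf("supplement only, after trusted source: seeded=%d\n", status_after_trusted_source(POLICY_SUPPLEMENT_ONLY));
    return 0;
}
```

The first two scenarios show the point made in the message: whether the estimate is trusted or silently replaced by the length, a caller who hands over constant bytes can move the RNG to "seeded" on its own. Under the supplement-only policy the same call still mixes the bytes in but cannot end the seeding phase; only the RNG's own trusted source does that.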

