[openssl-dev] Work on a new RNG for OpenSSL
Salz, Rich
rsalz at akamai.com
Mon Jun 26 18:57:19 UTC 2017
I was asked off-list why we're doing this. A reasonable question. :)
There are many complaints about the OpenSSL RNG. For starters:
https://github.com/openssl/openssl/issues/2168
https://github.com/openssl/openssl/issues/898
https://github.com/openssl/openssl/issues/2457
https://github.com/openssl/openssl/issues/3125
Also, there are things like this:
It uses MD5
It has a global pool, not per-thread so there's locking
It doesn't use getrandom available on modern Linux systems
It uses other bizarre private hashing and mixes in time and getpid
To summarize, perhaps, let's just say that it is really really outdated. The state of the art has advanced, and we have some catching-up to do.