[openssl-dev] Work on a new RNG for OpenSSL
rsalz at akamai.com
Tue Jun 27 12:55:14 UTC 2017
> > Well maybe I can ignore section 10.3?
> That's a nice joke Rich, but the Dual_EC_DRBG chapter has been dropped in
> SP800-90Ar1, which supersedes SP800-90A:
I know. I was trying to gently point out that even John makes mistakes :)
> - Do you intend to continue supporting RAND_set_rand_method() or will
> there only be one 'perfect' random generator and no choice anymore?
This will continue to work.
> - Do you consider the SP800-90A DRBG outdated or will there be a chance
> that it will be added to the OpenSSL master as
> officially supported RAND method?
That's a great idea, I can work on that now.
> - Will the new OpenSSL RNG support a way to configure reseed intervals and
> external entropy sources in a similar fashion
> as the FIPS DRBG did?
That's three questions :) But yes, we should address that. I'm not sure if new RAND API's are the way to go or perhaps a RAND_control API that gives us a bit more flexibility.
More information about the openssl-dev