[openssl-dev] Work on a new RNG for OpenSSL

Salz, Rich rsalz at akamai.com
Tue Jun 27 12:55:14 UTC 2017


> > Well maybe I can ignore section 10.3?
> >
> 
> That's a nice joke Rich, but the Dual_EC_DRBG chapter has been dropped in
> SP800-90Ar1, which supersedes SP800-90A:

I know.  I was trying to gently point out that even John makes mistakes :)

> - Do you intend to continue supporting RAND_set_rand_method() or will
> there only be one 'perfect' random generator and no choice anymore?

This will continue to work.
 
> - Do you consider the SP800-90A DRBG outdated or will there be a chance
> that it will be added to the OpenSSL master as
>   officially supported RAND method?

That's a great idea, I can work on that now.

> - Will the new OpenSSL RNG support a way to configure reseed intervals and
> external entropy sources in a similar fashion
>   as the FIPS DRBG did?

That's three questions :)  But yes, we should address that.  I'm not sure if new RAND APIs are the way to go or perhaps a RAND_control API that gives us a bit more flexibility.


