[openssl-dev] Work on a new RNG for OpenSSL

Benjamin Kaduk bkaduk at akamai.com
Tue Jun 27 18:50:11 UTC 2017


On 06/27/2017 02:28 AM, Matt Caswell wrote:
>
> On 26/06/17 21:18, Kurt Roeckx wrote:
>
>> I think it should by default be provided by the OS, and I don't
>> think any OS is documenting how much randomness it can provide.
>>
> I also agree that, by default, using the OS provided source makes a lot
> of sense.
>

Do you mean having openssl just pass through to
getrandom()/read()-from-'/dev/random'/etc. or just using those to seed
our own thing?

The former seems simpler and preferable to me (perhaps modulo Linux's
broken idea about "running out of entropy"), but the argument presented
about us being used in all sorts of environments that we can't even
enumerate has basically convinced me that we will need to provide some
alternative as well.  (It remains unclear how such environments will be
able to provide usable seed randomness, but there is only so much we can
do about that.)

-Ben