[openssl-dev] Work on a new RNG for OpenSSL
Salz, Rich
rsalz at akamai.com
Wed Jun 28 00:11:54 UTC 2017
> I think we can get away with using OS-provided randomness directly in many common cases. /dev/urandom suffices once we know that the kernel RNG has been properly seeded. On FreeBSD, /dev/urandom blocks until the kernel RNG is seeded; on other systems maybe we have to make one read from /dev/random to get the blocking behavior we want before switching to /dev/urandom for bulk reads.
It's not a question of "get away with."
If the O/S libraries provide random bytes, like CryptGenRandom in Windows or arc4random(), then we should just wrap those functions and use them by default. If the O/S kernel provides random bytes, then we should use those bytes to seed (and to reseed) a DRBG generator.
We should allow applications to save/restore state, such as on reboot.