[openssl-dev] Work on a new RNG for OpenSSL
Paul Dale
paul.dale at oracle.com
Wed Jun 28 02:34:47 UTC 2017
Ben wrote:
> On 06/27/2017 07:24 PM, Paul Dale wrote:
>> The hierarchy of RNGs will overcome some of the
>> performance concerns. Only the root needs to call getrandom().
>> I do agree that having a DRBG at the root level is a good idea though.
> Just to check my understanding, the claim is that adding more layers of hashing and/or encryption will still be faster than a larger number of syscalls?
I'm not sure if it will be faster or not, although it seems likely. The kernel will have to do the same cryptographic operations so using it adds a syscall overhead. If the kernel is doing different cryptographic operations, then it could be faster.
However, I'm more interested in separation of the random sources. I'd prefer to not be sharing my RNG with others if possible. A compromise is unlikely but if one happens it would be nice to limit the damage.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
From: Benjamin Kaduk [mailto:bkaduk at akamai.com]
Sent: Wednesday, 28 June 2017 11:22 AM
To: openssl-dev at openssl.org; Paul Dale <paul.dale at oracle.com>
Subject: Re: [openssl-dev] Work on a new RNG for OpenSSL
-Ben
More information about the openssl-dev
mailing list