[openssl-dev] Work on a new RNG for OpenSSL

Matt Caswell matt at openssl.org
Wed Jun 28 14:46:31 UTC 2017



On 28/06/17 15:42, Matthias St. Pierre wrote:
> Hello Matt,
> 
> I am not quite sure what your current favourite solution for the upcoming default OpenSSL random generator is. Are you favouring
> 
> - a DRBG (following SP800-90Ar1) which is using the OS RNG as entropy source for (re-)seeding, or
> 
> - simply passing all generate requests over to the OS RNG?
> 
> It looks like you made two votes for the first and one vote for the second variant (see below). Could you please clarify your preference?

Both :-)

i.e. both should be available as an option.

I don't think we will necessarily be able to do the latter on all
platforms that we support.

As for which of the two is the default: where it is available - the
latter. Where it isn't, the former.

Matt



> 
> Regards,
> 
> Matthias St. Pierre
> 
> 
> Vote 1:
> 
> On 27.06.2017 09:28, Matt Caswell wrote:
>> On 26/06/17 21:18, Kurt Roeckx wrote:
>>>>   “Recommendation for Random Number Generation Using Deterministic Random Bit Generators”
>>>>   http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
>>>>
>>>> That design may look complicated, but if you think you can
>>>> leave out some of the blocks in their diagram, proceed with
>>>> caution.  Every one of those blocks is there for a reason.
>>> SP800-90A (or revision 1) can clearly be used as reference on how
>>> to implement it, even if we don't use an approved algorithm from
>>> it. And I really think we should look at that document when
>>> implementing it.
>>>
>>> There should probably also be an option to use an RNG that
>>> conforms to it.
>> I am strongly in favour of this approach. We should be led by standards.
>>
> 
> Vote 2:   (comment on PR #3789: WIP: Add DRBG random method)
> 
> https://github.com/openssl/openssl/pull/3789#issuecomment-311494544
> 
> 
> Vote 3:
> 
> 
> On 28.06.2017 11:29, Matt Caswell wrote:
>> On 27/06/17 19:50, Benjamin Kaduk wrote:
>>> On 06/27/2017 02:28 AM, Matt Caswell wrote:
>>>> On 26/06/17 21:18, Kurt Roeckx wrote:
>>>>
>>>>> I think it should by default be provided by the OS, and I don't
>>>>> think any OS is documenting how much randomness it can provide.
>>>>>
>>>> I also agree that, by default, using the OS provided source makes a lot
>>>> of sense.
>>>>
>>> Do you mean having openssl just pass through to
>>> getrandom()/read()-from-'/dev/random'/etc. or just using those to seed
>>> our own thing?
>> I meant the former.
>>
>> Matt
> 

