[openssl-dev] Work on a new RNG for OpenSSL

Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Wed Jun 28 15:09:43 UTC 2017


Thanks for the quick reply. It sounds reasonable to make the default choice depending on the OS environment.
For me it is not a religious question what OpenSSL's default choice should be. I trust that you will find a
sensible solution. And if OpenSSL supports both methods I can always make my own choice if I need to.

Regards,

Matthias


On 28.06.2017 16:46, Matt Caswell wrote:
>
> On 28/06/17 15:42, Matthias St. Pierre wrote:
>> Hello Matt,
>>
>> I am not quite sure what your current favourite solution for the upcoming default OpenSSL random generator is. Are you favouring
>>
>> - a DRBG (following SP800-90Ar1) which is using the OS RNG as entropy source for (re-)seeding or
>>
>> - simply passing all generate requests over to the OS RNG?
>>
>> It looks like you made two votes for the first and one vote for the second variant (see below). Could you please clarify your preference?
> Both :-)
>
> i.e. both should be available as an option.
>
> I don't think we will necessarily be able to do the latter on all
> platforms that we support.
>
> As for which of the two is the default: where it is available - the
> latter. Where it isn't the former.
>
> Matt


