[openssl-dev] Work on a new RNG for OpenSSL

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Wed Jun 28 17:28:26 UTC 2017


Defence in depth seems prudent: independent sources with agglomeration and whitening.

As Kurt noted, [on modern OSes,] it is really unclear what sources are available to us that are not already being used by the kernel.


I would turn to hardware. Since OpenSSL already has assembly-level optimization for various CPU types, accessing instructions like RDSEED and RDRAND (when available) doesn’t sound too hard. Mix their output into the seed. It can only improve the result.


So, [on these same modern OSes,] what benefit do we really get from using multiple "independent" sources?  They are unlikely to actually be independent if the kernel is consuming them as well and we consume the kernel.


Depends on what you mean by “independent”. A completely different mechanism – probably not. A mechanism whose output bits/bytes are not (tractably) correlated? Probably yes.



We shouldn't trust the user to provide entropy.

Definitely.


No.  We shouldn’t trust the user to provide all the entropy, but we should welcome the user’s contribution to the entropy pool.
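
Editor's added example, not part of this thread and not OpenSSL's own code, of the hardware path suggested above: detect RDSEED through CPUID, read it with the retry loop the instruction needs (it clears CF when its conditioner has no fresh seed yet, so a single attempt is not a valid read), and frame what was obtained next to the kernel's bytes as length-prefixed records for a hash-based derivation function to absorb. That hashing step is the "agglomeration and whitening" of the first paragraph; the example stops at building its input. The tag/length/data framing, the tag values and the retry bound are assumptions of this example, and the kernel bytes are a constructed placeholder where real code would call getrandom(2) or read the OS device. On a non-x86-64 build, or when RDSEED is absent or keeps failing, the hardware record is simply shorter (down to empty) and the kernel record is still present, which is the precise sense in which a hardware source can only add.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Editor's example, not OpenSSL code. Record tags, framing and the retry
 * bound are assumptions made for illustration. */
enum { TAG_OS = 1, TAG_RDSEED = 2 };
#define RDSEED_RETRIES 100   /* bounded retry on CF=0, then give up honestly */

/* CPUID leaf 7, sub-leaf 0: EBX bit 18 advertises RDSEED. x86-64 only here;
 * other targets report "absent" so the caller falls back gracefully. */
static int cpu_has_rdseed(void)
{
#if defined(__x86_64__)
    uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
    __asm__ volatile("cpuid" : "+a"(eax), "=b"(ebx), "+c"(ecx), "=d"(edx));
    if (eax < 7)                 /* leaf 7 not implemented on this CPU */
        return 0;
    eax = 7; ecx = 0;
    __asm__ volatile("cpuid" : "+a"(eax), "=b"(ebx), "+c"(ecx), "=d"(edx));
    return (int)((ebx >> 18) & 1u);
#else
    return 0;
#endif
}

/* One RDSEED attempt. CF=0 means "no fresh seed available yet": whatever
 * landed in *out is not a seed and must not be used; the caller retries. */
static int rdseed64_step(uint64_t *out)
{
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
#else
    *out = 0;
    return 0;
#endif
}

/* Fill buf[0..n) from RDSEED, 64 bits at a time. Returns the number of bytes
 * actually obtained; fewer than n only if the instruction is absent or kept
 * failing, and the remainder is left untouched rather than faked. */
static size_t collect_rdseed(unsigned char *buf, size_t n)
{
    size_t filled = 0;
    if (!cpu_has_rdseed())
        return 0;
    while (filled < n) {
        uint64_t v = 0;
        int tries = 0, ok;
        do {
            ok = rdseed64_step(&v);
#if defined(__x86_64__)
            if (!ok)
                __asm__ volatile("pause");   /* back off before retrying */
#endif
        } while (!ok && ++tries < RDSEED_RETRIES);
        if (!ok)
            break;
        size_t take = (n - filled < sizeof v) ? n - filled : sizeof v;
        memcpy(buf + filled, &v, take);
        filled += take;
    }
    return filled;
}

/* Append one tagged, length-prefixed record: tag(1) | len(2, big-endian) |
 * data. The prefix keeps the encoding unambiguous, so two different source
 * combinations can never hash to the same string. Returns the new length,
 * or 0 if the record does not fit. */
static size_t seed_append(unsigned char *buf, size_t cap, size_t len,
                          unsigned char tag, const unsigned char *data,
                          size_t dlen)
{
    if (len > cap || dlen > 0xFFFF || cap - len < 3 + dlen)
        return 0;
    buf[len] = tag;
    buf[len + 1] = (unsigned char)(dlen >> 8);
    buf[len + 2] = (unsigned char)dlen;
    memcpy(buf + len + 3, data, dlen);
    return len + 3 + dlen;
}

/* Build the seed material a hash-based derivation function would absorb:
 * the kernel's bytes first (always present), then whatever RDSEED gave. */
static size_t build_seed_material(const unsigned char *os, size_t os_len,
                                  unsigned char *out, size_t cap)
{
    unsigned char hw[32] = {0};
    size_t hw_len = collect_rdseed(hw, sizeof hw);
    size_t len = seed_append(out, cap, 0, TAG_OS, os, os_len);
    if (len == 0)
        return 0;
    return seed_append(out, cap, len, TAG_RDSEED, hw, hw_len);
}

int main(void)
{
    unsigned char os[16] = {0};   /* constructed stand-in for getrandom(2) */
    unsigned char seed[128];
    size_t n = build_seed_material(os, sizeof os, seed, sizeof seed);
    printf("rdseed available: %d, seed material: %zu bytes\n",
           cpu_has_rdseed(), n);
    return n == 0;
}
```

RDRAND is deliberately left out: it returns DRBG output that is itself reseeded from the same conditioner, so it adds nothing to seed material that RDSEED does not already provide, and it is the instruction to use for bulk random bytes rather than for seeding.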

