[openssl-dev] what's possible and what's not ... including RNGs

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Jun 29 18:45:40 UTC 2017


Knowledge of the platform is a required part of the OpenSSL configuration. If the platform supports HRNG (usually in the form of CPU instructions), use it: let OpenSSL mix its output with whatever other randomness sources it picks on that platform/system. IMHO that’s the best strategy.

Thankfully, many of the newer platforms support those instructions. For those that don’t – you’d have to either rely on the OS, or try to play OS (which is difficult if the OS is not friendly, and impossible if the OS is hostile). 

PGP used to collect randomness from the user keyboard input. That may be fine for some applications – but a no-go for a library, IMHO.
--
Regards,
Uri Blumenthal
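
The mixing strategy described in the message above, as an added sketch that is not part of the original post and not OpenSSL's own code: the OS CSPRNG is always included, a hardware source is added when the platform exposes one, and all inputs are length-prefixed into SHA-256 so a missing or weak hardware source does not weaken the result. Python cannot issue CPU RNG instructions directly, so the Linux `/dev/hwrng` device stands in for the HRNG; that path and all function names are assumptions.

```python
import hashlib
import os
import struct

HWRNG_PATH = "/dev/hwrng"  # assumption: Linux hw_random device; often absent or root-only


def read_hwrng(n=32, path=HWRNG_PATH):
    """Return n bytes from the hardware RNG device, or None if it is unusable."""
    try:
        with open(path, "rb", buffering=0) as dev:
            data = dev.read(n)
    except OSError:
        return None
    # A short read is treated as "no hardware source" rather than padded.
    return data if data and len(data) == n else None


def mix_sources(sources):
    """Hash (label, bytes) pairs into one 32-byte seed.

    Every field is length-prefixed, so ("a", b"bc") and ("ab", b"c") cannot
    collide, and adding or dropping a source always changes the hash input.
    """
    h = hashlib.sha256()
    h.update(struct.pack(">I", len(sources)))
    for label, data in sources:
        name = label.encode()
        h.update(struct.pack(">I", len(name)) + name)
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def gather_seed(hw_reader=read_hwrng):
    """Collect what the platform offers and return (seed, labels_used)."""
    sources = [("os", os.urandom(32))]   # OS CSPRNG is always part of the mix
    hw = hw_reader()
    if hw is not None:                   # hardware RNG supplements, never replaces
        sources.append(("hwrng", hw))
    return mix_sources(sources), [label for label, _ in sources]


if __name__ == "__main__":
    seed, used = gather_seed()
    print("sources:", used, "seed:", seed.hex())
```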
 