[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)
Kurt Roeckx
kurt at roeckx.be
Sat Apr 7 19:02:51 UTC 2018
On Sat, Apr 07, 2018 at 06:49:50PM +0200, Richard Levitte wrote:
> Hmmmm... case 4 shouldn't pose too much problems unless you restart
> the application more than once every second or so (for a 1 second
> resolution). On VMS, the system time is kept with 100 nanosecond
> granularity... this doesn't mean that it's actually updated every 100
> nanosecond, but the possibility is there when VMS runs on fast enough
> hardware (a VAX is decidedly not in that range, Alpha has a minimum
> update rate of 1ms, Itaniums are faster than most Alphas...). Either
> way, the timestamp is 64 bits, it seems that then, we'd add a 64-bit
> counter to match the 128 bit nonce requirement, do I get that right?
The requirement is not to have it 128 bit. Just that it doesn't
repeat as often as a 128 random number. You're most likely not
going to instantiate it 2^64 times. As long as the combination is
unique, it should be fine.
(It does say that it needs to be at least 128 bit, but I think
that's actually only in the case that you use a random number.)
Kurt
More information about the openssl-project
mailing list