[openssl-project] Entropy seeding the DRBG

Paul Dale paul.dale at oracle.com
Mon Apr 23 22:31:39 UTC 2018

I can possibly provide some input having done similar for a number of platforms and written faster but equivalent entropy assessment code to NIST's (for the second draft of SP 800-90B rather than the final version).

I'm not knowledgeable about VMS though.

We could discuss further at ICMC if you're in the area.

Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia

-----Original Message-----
From: Kurt Roeckx [mailto:kurt at roeckx.be] 
Sent: Tuesday, 24 April 2018 5:46 AM
To: openssl-project at openssl.org
Subject: Re: [openssl-project] Entropy seeding the DRBG

On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote:
> In the mean time, I've spent a few days going through the docs on all 
> kinds of data that you can get out from the VMS kernel, most notably 
> through a system service called sys$getrmi()...  there's a gazillion 
> data points, a treasure trove for anyone that's into statistics.  And 
> I intend to spend some time trying to estimate what kind of entropy I 
> can get out of them...
> ... and that's where Kurt came in:
> > Can I suggest you try something like 
> > https://github.com/usnistgov/SP800-90B_EntropyAssessment to at least 
> > get an idea? You would need to sample 1 variable and feed that into 
> > it.
> And yeah, sure, especially if all it takes is to produce a stream of 
> bits from a source and feed that to the assessment program.  As long 
> as I don't have to port a C++11 program to VMS, 'cause unfortunately, 
> the existing C++ compiler hasn't had a real update for quite a while 
> :-/ (I'm sure that VSI is quite busy updating all they can, but they 
> haven't let anything out yet)
> But either way, creating a better entropy gatherer is the longer term 
> goal.  I hope I get that part done before the release.

Any update on this?


openssl-project mailing list
openssl-project at openssl.org

More information about the openssl-project mailing list