[openssl-project] Entropy seeding the DRBG
Paul Dale
paul.dale at oracle.com
Mon Apr 23 22:31:39 UTC 2018
I can possibly provide some input having done similar for a number of platforms and written faster but equivalent entropy assessment code to NIST's (for the second draft of SP 800-90B rather than the final version).
I'm not knowledgeable about VMS though.
We could discuss further at ICMC if you're in the area.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
-----Original Message-----
From: Kurt Roeckx [mailto:kurt at roeckx.be]
Sent: Tuesday, 24 April 2018 5:46 AM
To: openssl-project at openssl.org
Subject: Re: [openssl-project] Entropy seeding the DRBG
On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote:
> In the mean time, I've spent a few days going through the docs on all
> kinds of data that you can get out from the VMS kernel, most notably
> through a system service called sys$getrmi()... there's a gazillion
> data points, a treasure trove for anyone that's into statistics. And
> I intend to spend some time trying to estimate what kind of entropy I
> can get out of them...
>
> ... and that's where Kurt came in:
>
> > Can I suggest you try something like
> > https://github.com/usnistgov/SP800-90B_EntropyAssessment to at least
> > get an idea? You would need to sample 1 variable and feed that into
> > it.
>
> And yeah, sure, especially if all it takes is to produce a stream of
> bits from a source and feed that to the assessment program. As long
> as I don't have to port a C++11 program to VMS, 'cause unfortunately,
> the existing C++ compiler hasn't had a real update for quite a while
> :-/ (I'm sure that VSI is quite busy updating all they can, but they
> haven't let anything out yet)
>
> But either way, creating a better entropy gatherer is the longer term
> goal. I hope I get that part done before the release.
Any update on this?
Kurt
_______________________________________________
openssl-project mailing list
openssl-project at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
More information about the openssl-project
mailing list