[openssl-project] Entropy seeding the DRBG

Kurt Roeckx kurt at roeckx.be
Tue Apr 24 17:24:40 UTC 2018

On Tue, Apr 24, 2018 at 07:20:42AM +0200, Richard Levitte wrote:
> Like I think I mentioned a few days ago, I'm currently on a conference. I'll take this up in more depth later this week.
> I have a question, though... Kurt said at some point that all that was needed on the VMS side was to collect data, the rest can be done elsewhere (thankfully). However, I don't really understand what the collected data is supposed to be. Just the same stream of bytes that I would feed the entropy acquisition, or something else? Is the time delta between samples a factor in this?

The API support getting data that has 1 bit of entropy per 128 bit
received (DRBG_MINMAX_FACTOR). If it's worse than that, you might
have to write your own extract method.

A stream of bytes it just fine.

I think the tme delta will really depend on your source. If it really
changes all the time, it really doesn't matter much how fast you
do it. But I think some (most?) of the variables don't change that


More information about the openssl-project mailing list