[openssl-project] Entropy seeding the DRBG
Kurt Roeckx
kurt at roeckx.be
Tue Apr 24 17:24:40 UTC 2018
On Tue, Apr 24, 2018 at 07:20:42AM +0200, Richard Levitte wrote:
> Like I think I mentioned a few days ago, I'm currently at a conference. I'll take this up in more depth later this week.
>
> I have a question, though... Kurt said at some point that all that was needed on the VMS side was to collect data, the rest can be done elsewhere (thankfully). However, I don't really understand what the collected data is supposed to be. Just the same stream of bytes that I would feed the entropy acquisition, or something else? Is the time delta between samples a factor in this?
The API supports getting data that has 1 bit of entropy per 128 bits
received (DRBG_MINMAX_FACTOR). If it's worse than that, you might
have to write your own extract method.

A stream of bytes is just fine.

I think the time delta will really depend on your source. If it really
changes all the time, it really doesn't matter much how fast you
do it. But I think some (most?) of the variables don't change that
often.
Kurt