[openssl-project] DRBGs, threads and locking

Kurt Roeckx kurt at roeckx.be
Wed Mar 14 16:57:13 UTC 2018


On Wed, Mar 14, 2018 at 12:49:46PM +0000, Salz, Rich wrote:
> So is having a high-quality, lockless (per-thread) CSPRNG good enough for now?  Phrased like that, I think so.  We have enough other stuff to do.  So +1 to Kurt's per-thread approach.

I think it's better than what we have in 1.1.0. And if we think we
can improve it, I suggest we improve it after 1.1.1.

So I think the discussion is both about speed and security.

From what I understand from various things, the random
number generator is now for some workloads at least a limiting
factor. Having it lockless and per thread is both the easiest
thing to do and gives the best performance.

When it comes to security, there seems to be a concern that from
the public data it might be possible to determine the internal
state, and that this might possibly have an effect on the security
of a different connection. But we have the same situation now in
1.1.0. And I'm still waiting for people to properly explain
whether having it per SSL is better or not; there at least doesn't
seem to be an agreement on that part.


Kurt