[openssl-project] Entropy seeding the DRBG

Richard Levitte levitte at openssl.org
Wed May 2 03:52:19 UTC 2018

In message <20180501084317.GA32265 at roeckx.be> on Tue, 1 May 2018 10:43:17 +0200, Kurt Roeckx <kurt at roeckx.be> said:

kurt> If you actually follow SP800-90B, you should make a theoretical
kurt> model of how much entropy you expect, and then use the tool
kurt> to verify that your model is correct.

Errrr...  look, I'm kind of a rookie in this particular area, so errr,
I'm not sure I have the knowledge to think of a theoretical model.
Given a crash course, I can probably come up with *something*, but at
this moment, I don't know where to start.

A side note to this discussion, the way the rand pool routines are
currently implemented, specifically rand_pool_bytes_needed(), we
cannot handle a source with less than 1 entropy bit per 8 bits of
data.  Or well, it can, if that particular routine isn't used, but
considering it's a fairly crucial routine for entropy acquisition, I'd
say it needs a small change.  PR coming up.


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list