VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

Salz, Rich rsalz at akamai.com
Fri Jun 7 19:01:30 UTC 2019


>    The kernel actually already does this in recent versions, if
    configured to do it.
  
"The" kernel. Which one is that?  Which operating system?

Modern Linux is fine.  Is that all we care about?

No issues were raised when the RSA keylength was increased, or MD5 was replaced with SHA1.  In fact, that is a very good example; we get many questions about "why can't I decrypt old text" because of this.  And here we got what, one posting?

1.1.1c made Solaris (and possibly others) more secure. I would be disappointed if 1.1.1d took that away and tried to rationalize that "it's not my job."  *YOU'RE A CRYPTOGRAPHIC LIBRARY* 



More information about the openssl-project mailing list