[openssl-users] Seeding before RSA key generation
Salz, Rich
rsalz at akamai.com
Thu Oct 4 15:38:48 UTC 2018
> What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
than not being an NSA/NIST design?
Poor locking; been known to crash.
Does not reseed.
Global across the process, rather than isolated for private-key generation or per-connection.
Mixes in getpid and time to get "better" random bytes.
Has a "pseudo-rand" feature.
Never was cryptographically evaluated.
More information about the openssl-users
mailing list