[openssl-users] Seeding before RSA key generation

Matt Caswell matt at openssl.org
Thu Oct 4 15:47:39 UTC 2018

On 04/10/18 16:14, Salz, Rich via openssl-users wrote:
> Which version of OpenSSL are you using?
> 1.0.2 and 1.1.0 have a bad random number generator and must be explicitly seeded.

This is not correct. The RNG in 1.0.2 and 1.1.0 automatically seeds.
There is no need to explicitly seed it. I also wouldn't describe it as
"bad". 1.1.1 has a much better RNG, but there is no reason not to trust
and use the 1.0.2 and 1.1.0 RNG.

>  1.1.1 has a good random number generator and auto-seeds.

1.0.2 and 1.1.0 auto seed. 1.1.1 additionally auto-*re*seeds.


More information about the openssl-users mailing list