[openssl-users] Seeding before RSA key generation
jb-openssl at wisemo.com
Thu Oct 4 15:58:43 UTC 2018
On 04/10/2018 17:38, Salz, Rich wrote:
>> What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
> than not being an NSA/NIST design?
> Poor locking; been known to crash.
Simple bug, not a reason to change the algorithm.
> Does not reseed.
But can be reseeded if so desired, subject to locking.
> Global across the process, rather than isolated for private-key generation or per-connection.
This is good, not bad.
> Mixes in getpid and time to get "better" random bytes.
This gives 2 to 5 extra bits on machines with little available entropy,
provided init is not done too early in the machine boot process. There
seem to be much stronger sources loaded where available.
> Has a "pseudo-rand" feature.
This is a clearly marked feature useful when the entropy sources are
significantly slower than the random bit need, such as on a busy TLS
server with a serial port (or slower) entropy source.
> Never was cryptographically evaluated.
By whom?, I would expect the very public OpenSSL RNG to have been
subjected to lots of 3rd party review outside the Foundation.
The new design is taken from a document that was insufficiently publicly
reviewed and was later found to contain a likely backdoor in one of its
other suggested RNG designs, making the entire document highly dubious.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users