[openssl-users] Seeding before RSA key generation
paul.dale at oracle.com
Thu Oct 4 23:33:24 UTC 2018
Not mentioned thus far is that if you are using 1.0.2 with FIPS support, the random number generator does not self-seed.
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
From: Andres Traumann [mailto:andres.traumann.01 at gmail.com]
Sent: Friday, 5 October 2018 3:54 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Seeding before RSA key generation
Thank you for your help.
On 10/4/18 6:47 PM, Matt Caswell wrote:
> On 04/10/18 16:14, Salz, Rich via openssl-users wrote:
>> Which version of OpenSSL are you using?
>> 1.0.2 and 1.1.0 have a bad random number generator and must be explicitly seeded.
> This is not correct. The RNG in 1.0.2 and 1.1.0 automatically seeds.
> There is no need to explicitly seed it. I also wouldn't describe it as
> "bad". 1.1.1 has a much better RNG, but there is no reason not to
> trust and use the 1.0.2 and 1.1.0 RNG.
>> 1.1.1 has a good random number generator and auto-seeds.
> 1.0.2 and 1.1.0 auto seed. 1.1.1 additionally auto-*re*seeds.
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users