[openssl-users] RNG behavior by default

Mike Blaguszewski mikeb at preveil.com
Thu Jan 3 16:03:01 UTC 2019

I am using the EVP API (version 1.1.1) for performing public key and symmetric key operations across a variety of platforms (macOS, Windows, Linux, iOS and Android). I am currently not doing anything to explicitly seed OpenSSL’s random number generator. My understanding is that the default behavior <https://www.openssl.org/blog/blog/2017/08/12/random/> should be cryptographically secure.

So my concerns are:
1. Whether I really can count on getting a high-entropy PRNG across these various platforms, without any explicit initialization.
2. If something goes wrong with PRNG initialization, that it will fail hard rather than fall back to something less secure. And if so how I detect such a failure.

Our current implementation uses libsodium, which relies on the usual system calls to generate entropy, so if I can count on OpenSSL always doing this then I’m happy. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190103/91146468/attachment-0001.html>

More information about the openssl-users mailing list