Remove All Software Generators
Kurt Roeckx
kurt at roeckx.be
Thu Oct 31 16:24:15 UTC 2019
On Wed, Oct 30, 2019 at 02:12:19PM -0000, Frederick Gotham wrote:
>
> It appears that OpenSSL will kick and scream and refuse to die no
> matter how hard you hit it. If I try to generate a random number like
> this:
>
> openssl rand -hex 8
>
> Then it seems it will try in this order:
>
> 1) The TPM2 chip
> 2) The software simulator of the TPM2 chip
> 3) The built-in RDRAND number
> 4) Another one that I can't find

Which version of OpenSSL are you using?

> I have recompiled OpenSSL with the flag OPENSSL_NO_RDRAND to get rid of
> the in-built engine. I have even done "rm /dev/random" and "rm
> /dev/urandom", but SOME HOW, SOME WAY, I'm still getting output when I
> run openssl rand -hex 8.

Depending on the version of OpenSSL and the kernel, you might also
use the getentropy()/getrandom() call.

Since 1.1.0 Configure supports the --with-rand-seed=none
option.

Kurt
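
The getrandom() call mentioned in the reply reads from the kernel without opening any device node, which is why removing /dev/random and /dev/urandom does not cut off that path. The following is an added example, not part of the original message and not OpenSSL's code; it assumes Linux with glibc 2.25 or later, and the function names are hypothetical.

```c
/* Added example (assumption: Linux, glibc >= 2.25 for <sys/random.h>). */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Fill buf from the kernel CSPRNG through the getrandom() system call.
 * No file descriptor or /dev node is involved.
 * Returns the number of bytes written, or -1 on error (errno is set). */
ssize_t fill_from_syscall(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        /* flags = 0: block until the kernel pool has been initialised */
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal, retry */
            return -1;              /* e.g. ENOSYS on very old kernels */
        }
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Return 1 if path exists and is a character device, otherwise 0. */
int is_char_device(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISCHR(st.st_mode);
}

int main(void)
{
    unsigned char buf[8];       /* same size as "openssl rand -hex 8" */
    printf("/dev/random present:  %d\n", is_char_device("/dev/random"));
    printf("/dev/urandom present: %d\n", is_char_device("/dev/urandom"));
    if (fill_from_syscall(buf, sizeof buf) != (ssize_t)sizeof buf) {
        perror("getrandom");
        return 1;
    }
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

Run on a system where the device nodes have been removed, the two presence checks print 0 while the program still prints 16 hex digits.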
More information about the openssl-users
mailing list