Remove All Software Generators

Kurt Roeckx kurt at
Thu Oct 31 16:24:15 UTC 2019

On Wed, Oct 30, 2019 at 02:12:19PM -0000, Frederick Gotham wrote:
> It appears that OpenSSL will kick and scream and refuse to die not 
> matter how hard you hit it. If I try to generate a random number like 
> this:
>     openssl rand -hex 8
> Then it seems it will try in this order:
> 1) The TPM2 chip
> 2) The software simulator of the TPM2 chip
> 3) The built-in RDRAND number
> 4) Another one that I can't find

Which version of OpenSSL are you using?

> I have recompiled OpenSSL with the flag OPENSSL_NO_RDRAND to get rid of 
> the in-built engine. I have even done "rm /dev/random" and "rm 
> /dev/urandom", but SOME HOW, SOME WAY, I'm still getting output when I 
> run openssl rand -hex 8.

Depending on the version of OpenSSL and the kernel, you might also
use the getentropy()/getrandom() cal.

Since 1.1.0 we Configure supports the --with-rand-seed=none


More information about the openssl-users mailing list