[Cryptography] OpenSSL and random
Nico Williams
nico at cryptonector.com
Thu Dec 1 22:47:02 EST 2016
On Thu, Dec 01, 2016 at 09:42:59PM -0500, Theodore Ts'o wrote:
> On Thu, Dec 01, 2016 at 06:39:46PM -0600, Nico Williams wrote:
> > It might be nice to be get an indication of entropy quality from the OS.
> > At minimum a boolean (true -> real entropy, false -> meh entropy).
> > _Perhaps_ also an indication of when was the last time new entropy was
> > stirred in. (Anything more would be overkill and hard to use well.)
>
> We do give such a an indication. For example:
>
> random: systemd: uninitialized urandom read (16 bytes read, 3 bits of entropy available)
I meant: in the API. A dmesg does the app no good.
Python could use lame rng seeds for hash table randomization, note the
lameness, and reseed later when cryptographically-secure an rng is
needed.
More information about the cryptography
mailing list