[Cryptography] OpenSSL and random
Bill Frantz
frantz at pwpconsult.com
Fri Dec 2 00:24:18 EST 2016
On 11/30/16 at 11:43 AM, jsd at av8n.com (John Denker) wrote:
>I say again: /dev/random must learn to never block, and /dev/urandom
>must learn to never emit untrustworthy bits, whereupon the specification
>is the same for both. The same goes for getrandom() and getentropy():
>they must never block, and they must never emit untrustworthy bits.
I think we would all love to be in this state. How do we get
there? What does OpenSSL do since it lives in the real world? I
think that Bear's solution is the best I've seen. The disto
people have to figure out how to delay using random/urandom
until it is initialized. Not screwing this up will become a
requirement for components used in early boot.
On 11/30/16 at 4:30 PM, bear at sonic.net (Ray Dillinger) wrote:
>If it does block before runlevel is reached, that is a plain
>configuration error that the distro people designing the boot scripts
>will need to fix. It will mean, for the very same reason you just cited,
>that nobody will use their broken distro. This is, in many ways, an
>ideal solution.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz |Security, like correctness, is| Periwinkle
(408)356-8506 |not an add-on feature. - Attr-| 16345
Englewood Ave
www.pwpconsult.com |ibuted to Andrew Tanenbaum | Los Gatos,
CA 95032
More information about the cryptography
mailing list