[Cryptography] OpenSSL and random
Jason Cooper
cryptography at lakedaemon.net
Fri Dec 2 11:52:56 EST 2016
On Thu, Dec 01, 2016 at 09:24:18PM -0800, Bill Frantz wrote:
> On 11/30/16 at 11:43 AM, jsd at av8n.com (John Denker) wrote:
>
> >I say again: /dev/random must learn to never block, and /dev/urandom
> >must learn to never emit untrustworthy bits, whereupon the specification
> >is the same for both. The same goes for getrandom() and getentropy():
> >they must never block, and they must never emit untrustworthy bits.
>
> I think we would all love to be in this state. How do we get there?
> What does OpenSSL do since it lives in the real world? I think that
> Bear's solution is the best I've seen. The disto people have to
> figure out how to delay using random/urandom until it is
> initialized. Not screwing this up will become a requirement for
> components used in early boot.
I hate to be pedantic, but how about not creating the /dev/[u]random
nodes until sufficient entropy is achieved?
thx,
Jason.
More information about the cryptography
mailing list