[Cryptography] OpenSSL and random
Ben Laurie
ben at links.org
Fri Dec 2 13:22:09 EST 2016
On 2 December 2016 at 05:24, Bill Frantz <frantz at pwpconsult.com> wrote:
> On 11/30/16 at 11:43 AM, jsd at av8n.com (John Denker) wrote:
>
>> I say again: /dev/random must learn to never block, and /dev/urandom
>> must learn to never emit untrustworthy bits, whereupon the specification
>> is the same for both. The same goes for getrandom() and getentropy():
>> they must never block, and they must never emit untrustworthy bits.
>
>
> I think we would all love to be in this state. How do we get there?
I already explained how: measure device startup times (and by "device"
I mean the kind of devices you can do nothing until they're running,
like USB hubs and boot disks).
> What
> does OpenSSL do since it lives in the real world?
https://github.com/openssl/openssl/blob/master/crypto/rand/rand_unix.c
> I think that Bear's
> solution is the best I've seen. The disto people have to figure out how to
> delay using random/urandom until it is initialized. Not screwing this up
> will become a requirement for components used in early boot.
>
> On 11/30/16 at 4:30 PM, bear at sonic.net (Ray Dillinger) wrote:
>
>> If it does block before runlevel is reached, that is a plain
>> configuration error that the distro people designing the boot scripts
>> will need to fix. It will mean, for the very same reason you just cited,
>> that nobody will use their broken distro. This is, in many ways, an
>> ideal solution.
>
>
> Cheers - Bill
>
> -----------------------------------------------------------------------
> Bill Frantz |Security, like correctness, is| Periwinkle
> (408)356-8506 |not an add-on feature. - Attr-| 16345 Englewood Ave
> www.pwpconsult.com |ibuted to Andrew Tanenbaum | Los Gatos, CA 95032
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list