[Cryptography] OpenSSL and random
Viktor Dukhovni
cryptography at dukhovni.org
Sat Dec 3 02:32:53 EST 2016
> On Dec 2, 2016, at 12:26 PM, Nico Williams <nico at cryptonector.com> wrote:
>
> What I really want is an API that lets me specify my app's minimum
> entropy requirement, and returns an error if that minimum cannot be met.
Surely this is not needed. The device never blocks except in early
boot. So the issue is rather moot for the vast majority of applications.
As for Python, it needs to accept crappy entropy for its hash table salt,
if it is to be usable in initrd.
It rather seems that there's good consensus around never block except
perhaps for a few seconds after boot, and for some care in early boot
applications that block the boot process.
We can probably wrap up much of this perma-thread at this point. To
the extent that much of it may have been non-productive, apologies to
everyone for starting it, I should have known better...
In the mean-time I have some pull-requests sitting in the queue for
Haskell's TLS and X.509 stacks that look like they'll likely get
adopted, and perhaps at some point later I'll get around to the RNG,
but that'll be a while, I have other priorities just at the moment.
--
Viktor.
More information about the cryptography
mailing list