[Cryptography] Is Ron right on randomness
ianG
iang at iang.org
Sun Nov 27 14:02:16 EST 2016
On 26/11/2016 09:38, Salz, Rich wrote:
>> Absolutely right. Only TRNGs that make raw data available should be trusted. Further, the source should have a simple physical model which is proven out by measurements, preferably continuously.
>
> Meanwhile, back in the real world... What should OpenSSL do, given the wide number of platforms and huge uninformed community that depends on it, do?
It should read from /dev/urandom [1].
That covers all Mac OSX, all Linux and all Android, which makes for the
majority of devices.
Left over is Microsoft, iOS and misc? Push them to add a file device?
iang
[1] The economics is that the platform can more easily solve this
problem than the application, and should solve this problem.
http://iang.org/ssl/hard_truths_hard_random_numbers.html
More information about the cryptography
mailing list