[Cryptography] Is Ron right on randomness

ianG iang at iang.org
Sun Nov 27 14:02:16 EST 2016

On 26/11/2016 09:38, Salz, Rich wrote:
>> Absolutely right.  Only TRNGs that make raw data available should be trusted.  Further, the source should have a simple physical model which is proven out by measurements, preferably continuously.
> Meanwhile, back in the real world...  What should OpenSSL do, given the wide number of platforms and huge uninformed community that depends on it, do?

It should read from /dev/urandom [1].

That covers all Mac OSX, all Linux and all Android, which makes for the 
majority of devices.

Left over is Microsoft, iOS and misc?  Push them to add a file device?


[1] The economics is that the platform can more easily solve this 
problem than the application, and should solve this problem.

More information about the cryptography mailing list