[Cryptography] Is Ron right on randomness

Bill Cox waywardgeek at gmail.com
Mon Nov 28 11:46:54 EST 2016

On Sun, Nov 27, 2016 at 11:02 AM, ianG <iang at iang.org> wrote:

> On 26/11/2016 09:38, Salz, Rich wrote:
>> Absolutely right.  Only TRNGs that make raw data available should be
>>> trusted.  Further, the source should have a simple physical model which is
>>> proven out by measurements, preferably continuously.
>> Meanwhile, back in the real world...  What should OpenSSL do, given the
>> wide number of platforms and huge uninformed community that depends on it,
>> do?
> It should read from /dev/urandom [1]

Ian, would you agree that something on the platform needs to first ensure
that /dev/random is well seeded before OpenSSL reads from /dev/urandom?  I
suggested perhaps OpenSSL should read 1024 bits from /dev/random, and all
later bits from /dev/urandom, but then every app that needs
cryptographically unpredictable numbers would each independently reseed the
entropy pool.

Maybe Linux could provide a way to read total entropy generated since
boot?  That could be used to compute how much data to read from
/dev/random, and in most cases it would be 0.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161128/0c0eeec4/attachment.html>

More information about the cryptography mailing list