[Cryptography] Is Ron right on randomness
Bill Cox
waywardgeek at gmail.com
Mon Nov 28 11:46:54 EST 2016
On Sun, Nov 27, 2016 at 11:02 AM, ianG <iang at iang.org> wrote:
> On 26/11/2016 09:38, Salz, Rich wrote:
>
>> Absolutely right. Only TRNGs that make raw data available should be
>>> trusted. Further, the source should have a simple physical model which is
>>> proven out by measurements, preferably continuously.
>>>
>>
>> Meanwhile, back in the real world... What should OpenSSL do, given the
>> wide number of platforms and huge uninformed community that depends on it,
>> do?
>>
>
> It should read from /dev/urandom [1]

Ian, would you agree that something on the platform needs to first ensure
that /dev/random is well seeded before OpenSSL reads from /dev/urandom? I
suggested perhaps OpenSSL should read 1024 bits from /dev/random, and all
later bits from /dev/urandom, but then every app that needs
cryptographically unpredictable numbers would each independently reseed the
entropy pool.

Maybe Linux could provide a way to read total entropy generated since
boot? That could be used to compute how much data to read from
/dev/random, and in most cases it would be 0.

Bill