[Cryptography] OpenSSL and random

Viktor Dukhovni cryptography at dukhovni.org
Mon Nov 28 15:09:14 EST 2016

> On Nov 28, 2016, at 11:30 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> Read N bits (like 1024) bits from /dev/random when OpenSSL first needs random data, and throw them away.  Thereafter, read only from /dev/urandom.

No.  OpenSSL is a library, not a sub-system started at boot time
that runs for the lifetime of the system.  The above advice would
block at the start of every (often short-lived) process that uses
OpenSSL.  This is entirely impractical.

If /dev/urandom fails to provide good entropy at boot time then
the problem needs to be fixed there, not OpenSSL.  What OpenSSL
can do, is mix /dev/urandom with RDSEED or RDRAND when available,
just in case it is running "early" (perhaps on first boot) and
/dev/urandom has not been improved on the system in question.

[ The kind of "improvement" described recently on list for Ubuntu
  is not what I have in mind.  That particular approach should
  IMHO be withdrawn and archived as a good example of what not
  to do. ]
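The "/dev/urandom mixed with RDRAND when available" idea from the message above, as an added C example that is not OpenSSL's code: it reads the kernel's non-blocking pool, detects RDRAND via CPUID so the instruction is never executed on a CPU that lacks it, and XORs hardware output into the buffer. The function names (mix_random, read_urandom, have_rdrand, rdrand32) are my own.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Read n bytes from the kernel's non-blocking pool. 0 on success, -1 on failure. */
static int read_urandom(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* CPUID leaf 1, ECX bit 30 advertises RDRAND; the instruction faults if absent. */
static int have_rdrand(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    return __get_cpuid(1, &eax, &ebx, &ecx, &edx) && (ecx & (1u << 30));
#endif
    return 0;
}

/* One RDRAND attempt; the carry flag says whether a value was produced. */
static int rdrand32(uint32_t *out) {
    unsigned char ok = 0;
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
#else
    *out = 0;                         /* unreachable: have_rdrand() is 0 here */
#endif
    return ok;
}

/* Fill out[0..n) from /dev/urandom, then XOR in RDRAND output when available.
 * Returns sources mixed (1 or 2), or -1 if /dev/urandom failed. XOR of
 * independent inputs is at least as strong as the stronger of the two. */
int mix_random(uint8_t *out, size_t n) {
    if (read_urandom(out, n) != 0) return -1;
    if (!have_rdrand()) return 1;
    for (size_t i = 0; i < n; i += sizeof(uint32_t)) {
        uint32_t r = 0;
        int tries = 10;                   /* Intel's documented retry budget */
        while (tries-- > 0 && !rdrand32(&r)) { }
        if (tries < 0) return 1;          /* RDRAND kept failing: urandom only */
        size_t k = (n - i < sizeof r) ? n - i : sizeof r;
        for (size_t j = 0; j < k; j++) out[i + j] ^= (uint8_t)(r >> (8 * j));
    }
    return 2;
}
```

On a non-x86 build the hardware path compiles out and the function degrades to plain /dev/urandom, which is the point: the kernel pool remains the baseline and the hardware source only adds to it.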

