[Cryptography] OpenSSL and random
Viktor Dukhovni
cryptography at dukhovni.org
Mon Nov 28 15:09:14 EST 2016
> On Nov 28, 2016, at 11:30 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>
> Read N bits (like 1024) bits from /dev/random when OpenSSL first needs random data, and throw them away. Thereafter, read only from /dev/urandom.
No. OpenSSL is a library, not a sub-system started at boot time
that runs for the lifetime of the system. The above advice would
block at the start of every (often short-lived) process that uses
OpenSSL. This is entirely impractical.
If /dev/urandom fails to provide good entropy at boot time then
the problem needs to be fixed there, not OpenSSL. What OpenSSL
can do, is mix /dev/urandom with RDSEED or RDRAND when available,
just in case it is running "early" (perhaps on first boot) and
/dev/urandom has not been improved on the system in question.
[ The kind of "improvement" described recently on list for Ubuntu
is not what I have in mind. That particular approach should
IMHO be withdrawn and archived as a good example of what not
to do. ]
--
Viktor.
More information about the cryptography
mailing list