[Cryptography] OpenSSL and random

Bill Cox waywardgeek at gmail.com
Tue Nov 29 01:35:15 EST 2016


I think I see some potential for consensus here: Read from /dev/urandom,
but only once it is properly seeded.  It is the OS's job to properly seed
/dev/urandom and to make it block until this has happened.

Since Linux does not do this today, I'll stick with my "Don't change
OpenSSL" advice for now, but if we can, we should lobby for /dev/urandom to
stop feeding us predictable bits before proper seeding.  Predictable bits
suck for crypto.

Bill
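
The "read /dev/urandom, but only once it is seeded" pattern discussed in this message, as an added example (not part of the original post and not OpenSSL code). It assumes Linux 3.17 or later with the glibc 2.25+ `getrandom(2)` wrapper, which, unlike a read of /dev/urandom, waits for the pool to be initialised when called with flags 0; the helper names `pool_is_seeded` and `seeded_urandom_read` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>   /* getrandom(2) wrapper, glibc >= 2.25 (assumed) */
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the kernel pool is seeded, 0 if not yet,
 * -1 on error (e.g. ENOSYS on kernels older than 3.17). Never blocks. */
int pool_is_seeded(void)
{
    unsigned char probe;
    ssize_t n;
    do {
        n = getrandom(&probe, 1, GRND_NONBLOCK);
    } while (n < 0 && errno == EINTR);
    return n == 1 ? 1 : (errno == EAGAIN ? 0 : -1);
}

/* Hypothetical helper: block until the pool is seeded, then fill buf
 * from /dev/urandom. Returns 0 on success, -1 on failure (fails closed). */
int seeded_urandom_read(unsigned char *buf, size_t len)
{
    unsigned char probe;
    ssize_t n;
    do {    /* flags == 0: sleeps until the pool has been initialised */
        n = getrandom(&probe, 1, 0);
    } while (n < 0 && errno == EINTR);
    if (n != 1)
        return -1;          /* no fallback to a possibly unseeded read */

    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    for (size_t off = 0; off < len; off += (size_t)n) {
        n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            n = 0;          /* interrupted: retry without advancing */
        else if (n <= 0) {
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char key[32];  /* sample 256-bit key buffer */
    return seeded_urandom_read(key, sizeof key) == 0 ? 0 : 1;
}
```
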