[Cryptography] Is Ron right on randomness
waywardgeek at gmail.com
Wed Nov 30 08:59:24 EST 2016
On Sat, Nov 26, 2016 at 6:38 AM, Salz, Rich <rsalz at akamai.com> wrote:
> > Absolutely right. Only TRNGs that make raw data available should be
> trusted. Further, the source should have a simple physical model which is
> proven out by measurements, preferably continuously.
> Meanwhile, back in the real world... What should OpenSSL do, given the
> wide number of platforms and huge uninformed community that depends on it,
I just learned on another thread that Linux provided a fixed API. The new
right answer on Linux is to call getrandom:
It's in linux 3.17. My Ubuntu 14.04 laptop upgraded to 3.19, so I had
it... Then it upgraded to 4.2.0, and now I no longer have it. Grrr...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography