[Cryptography] OpenSSL CSPRNG work
Salz, Rich
rsalz at akamai.com
Sat Jul 1 15:10:10 EDT 2017
> Again, I humbly request that, whatever clever userspace machinery you
> devise, please disable it completely by default on any system with
> getrandom() / getentropy() / etc. (Key words are "by default". Sure, provide
> APIs for enabling whatever you want... But by default, please just use the
> system's provided mechanisms.)
This is unlikely to happen *as the default* because of DoS concerns; see Colm's posts and tweets on this. It will be possible to make RAND_bytes() do nothing but call a function you specify, but that will have to be enabled at configuration time. Most likely, the O/S will be used to seed/reseed an AES-CTR DRBG implementation.
More information about the cryptography
mailing list