[Cryptography] OpenSSL CSPRNG work
Ray Dillinger
bear at sonic.net
Thu Jul 6 20:41:49 EDT 2017
On 07/06/2017 06:42 AM, Mark Steward wrote:
> If good randomness is really becoming critical to early startup, does it
> make sense to treat it like a broken filesystem and explicitly halt?
Yes. Absolutely it does.
Anything using bits that MUST be unpredictable, can either wait until
after the machine is booted up far enough to have them, or else it is
badly designed software and SHOULD cause boot to hang, every time,
unconditionally, either until it is fixed or moved out of the critical
early-boot path.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170706/4b2ff091/attachment.sig>
More information about the cryptography
mailing list