[Cryptography] OpenSSL CSPRNG work

Watson Ladd watsonbladd at gmail.com
Fri Jul 7 10:46:46 EDT 2017


On Thu, Jul 6, 2017 at 10:17 PM, Christian Huitema <huitema at huitema.net> wrote:
>
>
> On 7/6/2017 4:38 PM, Theodore Ts'o wrote:
>> You still have to solve the problem of how do you reliable and secure
>> the seed when the system is booted for the first time right after it
>> has been unpacked from the box.  That can potentially be quite
>> difficult, since it's likely going to be different for each consumer
>> electronics device that is using Linux.
> What is the easiest, convincing device makers to safely manage such a
> seed, or convincing them to add some kind of hardware generator of
> randomness?

This is not a problem on recent x86: just use RDRAND. We need more CPU
makers to do the same, and more efficient designs for doing it.

>
> --
> Christian Huitema
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.


More information about the cryptography mailing list