[Cryptography] OpenSSL CSPRNG work
Ondrej Mikle
ondrej.mikle at gmail.com
Mon Jul 10 18:44:00 EDT 2017
On 07/08/2017 05:38 PM, Theodore Ts'o wrote:
>
> That was on an Intel architecture. The architectures I'm most
> concerned about are ARM and MIPS, some of which don't have a
> high-resolution timer, nor a cycle counter, nor RDRAND.
>
> And cheap-sh*t rounters tend not be to be using x86. Nor do the $40
> Android tablets you can pick up at Shenzhen market. I'm not sure how
> many of the cheap-sh*t routers are using glibc, though. They may all
> be using some other C library in which case maybe it doesn't matter to
> you....
I've tackled this for Turris and Turris Omnia routers. We added RNG for ~ $1
(and it was not that great of a RNG). The point being, if your shitty router has
nowhere to get entropy from, there's no help. You either provide some seed at
factory or rely on on RNG that is onboard.
OM
More information about the cryptography
mailing list