[Cryptography] OpenSSL CSPRNG work
Nemo
nemo at self-evident.org
Tue Jun 27 13:42:09 EDT 2017
"Salz, Rich" <rsalz at akamai.com> writes:
> We're starting to work on a new CSPRNG for OpenSSL release 1.1.1 (the
> main point of that release is TLS 1.3, so we think it will have a lot
> of uptake).
Have you read "Cryptographic Right Answers" from Thomas Ptacek, who
actually knows what he is talking about?
https://gist.github.com/tqbf/be58d2d39690c3b366ad
Use /dev/urandom.
Avoid: userspace random number generators, havaged, prngd, egd,
/dev/random
Why on earth would you put something as critical as random number
generation into some complex userspace monstrosity?
I am fairly confident you will ignore this advice, but could you please
do me one small favor? Go ask on crypto.stackexchange.com and see what
kind of response you get
- Nemo
More information about the cryptography
mailing list