[Cryptography] OpenSSL CSPRNG work

Nemo nemo at self-evident.org
Tue Jun 27 13:42:09 EDT 2017


"Salz, Rich" <rsalz at akamai.com> writes:

> We're starting to work on a new CSPRNG for OpenSSL release 1.1.1 (the
> main point of that release is TLS 1.3, so we think it will have a lot
> of uptake).

Have you read "Cryptographic Right Answers" from Thomas Ptacek, who
actually knows what he is talking about?

https://gist.github.com/tqbf/be58d2d39690c3b366ad

    Use /dev/urandom.

    Avoid: userspace random number generators, havaged, prngd, egd,
    /dev/random

Why on earth would you put something as critical as random number
generation into some complex userspace monstrosity?

I am fairly confident you will ignore this advice, but could you please
do me one small favor? Go ask on crypto.stackexchange.com and see what
kind of response you get

 - Nemo


More information about the cryptography mailing list