[Cryptography] OpenSSL CSPRNG work
Richard Outerbridge
outer at interlog.com
Thu Jun 29 04:36:20 EDT 2017
> On 2017-06-29 (180), at 01:39:15, Watson Ladd <watsonbladd at gmail.com> wrote:
>
> On Mon, Jun 26, 2017 at 6:19 AM, Salz, Rich via cryptography
> <cryptography at metzdowd.com> wrote:
>> We’re starting to work on a new CSPRNG for OpenSSL release 1.1.1 (the main
>> point of that release is TLS 1.3, so we think it will have a lot of uptake).
>
> I would strongly suggest only using /dev/random or /dev/urandom to
> seed the top level generator. On Windows there is a separate API for
> the same thing. Other sources are not guaranteed to be random, and
> ultimately the OS knows far more than you do.
Are different VM instances running ”by chance” on the same chip guaranteed to have
different /dev/random & /dev/urandom outputs?
__outer
More information about the cryptography
mailing list