[Cryptography] OpenSSL CSPRNG work
Ben Laurie
benl at google.com
Thu Jun 29 05:57:34 EDT 2017
On 29 June 2017 at 06:39, Watson Ladd <watsonbladd at gmail.com> wrote:
> On Mon, Jun 26, 2017 at 6:19 AM, Salz, Rich via cryptography
> <cryptography at metzdowd.com> wrote:
> > We’re starting to work on a new CSPRNG for OpenSSL release 1.1.1 (the
> main
> > point of that release is TLS 1.3, so we think it will have a lot of
> uptake).
>
> I would strongly suggest only using /dev/random or /dev/urandom to
> seed the top level generator. On Windows there is a separate API for
> the same thing. Other sources are not guaranteed to be random, and
> ultimately the OS knows far more than you do.
>
If you have effective mixing, what is the problem with mixing in
potentially non-random sources?
>
> >
> >
> >
> > The conversation thread, on the dev mailing list, starts here:
> > https://mta.openssl.org/pipermail/openssl-dev/2017-June/009403.html It
> also
> > has pointers to other dicussions in a first GitHub pull request.
> >
> >
> >
> > Thanks.
> >
> >
> >
> > --
> >
> > Senior Architect, Akamai Technologies
> >
> > Member, OpenSSL Dev Team
> >
> > IM: richsalz at jabber.at Twitter: RichSalz
> >
> >
> >
> >
> > _______________________________________________
> > The cryptography mailing list
> > cryptography at metzdowd.com
> > http://www.metzdowd.com/mailman/listinfo/cryptography
>
>
>
> --
> "Man is born free, but everywhere he is in chains".
> --Rousseau.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170629/b56a9f51/attachment.html>
More information about the cryptography
mailing list