[Cryptography] OpenSSL CSPRNG work
Bill Frantz
frantz at pwpconsult.com
Thu Jun 29 11:33:01 EDT 2017
On 6/28/17 at 3:55 PM, nemo at self-evident.org (Nemo) wrote:
>Anyway... Whatever clever user-space machinery you come up with, can you
>please just disable it completely by default on any system with
>getrandom() / getentropy()? TIA
Does OpenSSL support any platforms that do not have a
system-supplied secure random number generator? The world isn't
all MacOS/Unix/Linux/Windows.
I am also suspicious of performance arguments applied to
security code. I would like to see measurements of the possible
improvement gained by avoiding a system call to /dev/urandom
(aka /dev/random on MacOS). My guess any improvement gained by
avoiding system calls is trivial when weighed against the cost
of doing the crypto in OpenSSL. YMMV.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345
Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos,
CA 95032
More information about the cryptography
mailing list