[Cryptography] OpenSSL CSPRNG work

Bill Frantz frantz at pwpconsult.com
Thu Jun 29 11:33:01 EDT 2017


On 6/28/17 at 3:55 PM, nemo at self-evident.org (Nemo) wrote:

>Anyway... Whatever clever user-space machinery you come up with, can you
>please just disable it completely by default on any system with
>getrandom() / getentropy()? TIA

Does OpenSSL support any platforms that do not have a 
system-supplied secure random number generator? The world isn't 
all MacOS/Unix/Linux/Windows.

I am also suspicious of performance arguments applied to 
security code. I would like to see measurements of the possible 
improvement gained by avoiding a system call to /dev/urandom 
(aka /dev/random on MacOS). My guess any improvement gained by 
avoiding system calls is trivial when weighed against the cost 
of doing the crypto in OpenSSL. YMMV.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 
Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, 
CA 95032



More information about the cryptography mailing list