On Mon, Feb 14, 2011 at 5:46 PM, Shabsi Walfish <sha...@google.com> wrote:

> This depends on what you consider to be the basic use case. Generating
> long-lived cryptographic keys absolutely requires high quality entropy... if
> you are only generating short-lived authenticators (that are not used for
> encryption) then you could get away with weaker entropy. You will get the
> most mileage out of this feature if it can be used to generate encryption
> keys, or long-lived signing keys.


OpenSSL gets randomness for generating keys by reading /dev/urandom.  It
doesn't seem to do any other tricks, like reading
/proc/sys/kernel/random/entropy_avail.  That at least suggests it's
sufficient for securely generating keys, without more complex APIs like
exposing the amount of entropy that was available.

-- 
Glenn Maynard
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
