On 23.10.2013 at 18:49, Fedor Indutny wrote:
Hello Richard,

Yes, I see what this comment means. But what's the difference between
RAND_bytes() and RAND_pseudo_bytes() then? They seem to be using
exactly the same amount of entropy and can't ever fail or return `0`
(meaning that data is insecure).

If I'm not overlooking something, the difference is only in the initialisation phase, when the entropy pool hasn't reached a specific entropy limit at least once. Calling ssleay_rand_bytes with pseudo = 0 in this phase will result in an error entry; calling it with pseudo = 1 will give only the zero return code.

In my opinion, the current implementation could be a RAND_pseudo_bytes()
backend, and RAND_bytes() should be something more secure (considering
that this is how it's described in the man documentation).

Well, my impression is that the creators of the respective code consider the bytes delivered secure enough after the entropy pool has been sufficiently seeded once.
Someone who doesn't share this opinion is free to do additional seedings.
Ciao,
Richard
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
