On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote:
> There's also the part where asking 'openssl rand' for gigabytes of data
> is not necessarily a good idea -- I believe in the default configuration
> on unix, it ends up reading 32 bytes from /dev/random and using that to
> seed EAY's md_rand.c scheme, which is not exactly a state-of-the-art
> CSPRNG these days...

This matches my understanding, although I thought these bytes would be read from /dev/urandom first. The unwritten but implied part is that, in the default configuration, the deterministic generator is never reseeded -- those 32 bytes are all the entropy it will ever get.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev