On Tue, Jun 27, 2017 at 02:42:52PM +0200, Matthias St. Pierre wrote:
>
> So I have two questions:
>
> - Do you intend to continue supporting RAND_set_rand_method() or will there
>   only be one 'perfect' random generator and no choice anymore?

I think we should have a default one, but an option to have a
different one.

> - Do you consider the SP800-90A DRBG outdated or will there be a chance that
>   it will be added to the OpenSSL master as
>   officially supported RAND method?

I think we should have at least 1 that follows SP800-90A, it's
clearly something some people will need.

> - Will the new OpenSSL RNG support a way to configure reseed intervals and
>   external entropy sources in a similar fashion
>   as the FIPS DRBG did?

It should at least reseed by default. Having an option to change
the default interval might make sense. There clearly should be a
way to use a source other than the one provided by the kernel,
which I think is needed for SP800-90A.


Kurt

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev