On 06/27/2017 02:28 AM, Matt Caswell wrote:
>
> On 26/06/17 21:18, Kurt Roeckx wrote:
>
>> I think it should by default be provided by the OS, and I don't
>> think any OS is documenting how much randomness it can provide.
>>
> I also agree that, by default, using the OS provided source makes a lot
> of sense.
>

Do you mean having openssl just pass through to
getrandom()/read()-from-'/dev/random'/etc. or just using those to seed
our own thing?

The former seems simpler and preferable to me (perhaps modulo Linux's
broken idea about "running out of entropy"), but the argument presented
about us being used in all sorts of environments that we can't even
enumerate has basically convinced me that we will need to provide some
alternative as well.  (It remains unclear how such environments will be
able to provide usable seed randomness, but there is only so much we can
do about that.)

-Ben
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
