> I think we can get away with using OS-provided randomness directly in many
> common cases. /dev/urandom suffices once we know that the kernel RNG has
> been properly seeded. On FreeBSD, /dev/urandom blocks until the kernel RNG
> is seeded; on other systems maybe we have to make one read from /dev/random
> to get the blocking behavior we want before switching to /dev/urandom for
> bulk reads.
It's not a question of "get away with." If the O/S libraries provide random bytes, like CryptGenRandom in Windows or arc4random(), then we should just wrap those functions and use them by default. If the O/S kernel provides random bytes, then we should use those bytes to seed (and to reseed) a DRBG generator. We should allow applications to save/restore state, such as on reboot.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev