Ben wrote: > On 06/27/2017 07:24 PM, Paul Dale wrote: >> The hierarchy of RNGs will overcome some of the >> performance concerns. Only the root needs to call getrandom(). >> I do agree that having a DRBG at the root level is a good idea though. > Just to check my understanding, the claim is that adding more layers of > hashing and/or encryption will still be faster than a larger number of > syscalls?
I'm not sure if it will be faster or not, although it seems likely. The kernel will have to do the same cryptographic operations so using it adds a syscall overhead. If the kernel is doing different cryptographic operations, then it could be faster. However, I'm more interested in separation of the random sources. I'd prefer to not be sharing my RNG with others if possible. A compromise is unlikely but if one happens it would be nice to limit the damage. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Benjamin Kaduk [mailto:bka...@akamai.com] Sent: Wednesday, 28 June 2017 11:22 AM To: openssl-dev@openssl.org; Paul Dale <paul.d...@oracle.com> Subject: Re: [openssl-dev] Work on a new RNG for OpenSSL -Ben -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev