On 28/06/17 15:42, Matthias St. Pierre wrote:
> Hello Matt,
>
> I am not quite sure what your current favourite solution for the upcoming
> default OpenSSL random generator is. Are you favouring
>
> - a DRBG (following SP800-90Ar1) which is using the OS RNG as entropy source
>   for (re-)seeding or
>
> - simply passing all generate requests over to the OS RNG?
>
> It looks like you made two votes for the first and one vote for the second
> variant (see below). Could you please clarify your preference?

Both :-) i.e. both should be available as an option. I don't think we will
necessarily be able to do the latter on all platforms that we support.

As for which of the two is the default: where it is available - the latter.
Where it isn't, the former.

Matt

>
> Regards,
>
> Matthias St. Pierre
>
>
> Vote 1:
>
> On 27.06.2017 09:28, Matt Caswell wrote:
>> On 26/06/17 21:18, Kurt Roeckx wrote:
>>>> “Recommendation for Random Number Generation Using Deterministic Random
>>>> Bit Generators”
>>>> http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
>>>>
>>>> That design may look complicated, but if you think you can
>>>> leave out some of the blocks in their diagram, proceed with
>>>> caution. Every one of those blocks is there for a reason.
>>> SP800-90A (or revision 1) can clearly be used as reference on how
>>> to implement it, even if we don't use an approved algorithm from
>>> it. And I really think we should look at that document when
>>> implementing it.
>>>
>>> There should probably also be an option to use an RNG that
>>> conforms to it.
>> I am strongly in favour of this approach. We should be led by standards.
>>
>
> Vote 2: (comment on PR #3789: WIP: Add DRBG random method)
>
> https://github.com/openssl/openssl/pull/3789#issuecomment-311494544
>
>
> Vote 3:
>
>
> On 28.06.2017 11:29, Matt Caswell wrote:
>> On 27/06/17 19:50, Benjamin Kaduk wrote:
>>> On 06/27/2017 02:28 AM, Matt Caswell wrote:
>>>> On 26/06/17 21:18, Kurt Roeckx wrote:
>>>>
>>>>> I think it should by default be provided by the OS, and I don't
>>>>> think any OS is documenting how much randomness it can provide.
>>>>>
>>>> I also agree that, by default, using the OS provided source makes a lot
>>>> of sense.
>>>>
>>> Do you mean having openssl just pass through to
>>> getrandom()/read()-from-'/dev/random'/etc. or just using those to seed
>>> our own thing?
>> I meant the former.
>>
>> Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
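The first option discussed in the thread, a DRBG in the SP800-90A style that takes its (re)seed material from the OS RNG, as an added example that is neither OpenSSL's code nor the code in PR #3789: a minimal HMAC_DRBG (SP800-90A section 10.1.2) in Python, using os.urandom as the entropy source by default. The class name, the SHA-256 choice, the nonce length and the fixed_entropy test helper are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

class HmacDrbg:
    """Minimal HMAC_DRBG (SP800-90A section 10.1.2) seeded from an OS RNG."""
    RESEED_INTERVAL = 1 << 48   # SP800-90A maximum reseed interval for HMAC_DRBG

    def __init__(self, entropy_source=os.urandom, hash_name="sha256", personalization=b""):
        self.get_entropy = entropy_source   # the OS RNG by default
        self.hash_name = hash_name
        self.outlen = hashlib.new(hash_name).digest_size
        self.K = b"\x00" * self.outlen
        self.V = b"\x01" * self.outlen
        # Instantiate (10.1.2.3): seed_material = entropy_input || nonce || personalization
        nonce = self.get_entropy(self.outlen // 2)
        self._update(self.get_entropy(self.outlen) + nonce + personalization)
        self.reseed_counter = 1

    def _mac(self, key, data):
        return hmac.new(key, data, self.hash_name).digest()

    def _update(self, provided_data):
        # HMAC_DRBG_Update (10.1.2.2): fold provided_data into the state (K, V)
        self.K = self._mac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._mac(self.K, self.V)
        if provided_data:
            self.K = self._mac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._mac(self.K, self.V)

    def reseed(self, additional_input=b""):
        # Reseed (10.1.2.4): pull fresh entropy from the OS RNG into the state
        self._update(self.get_entropy(self.outlen) + additional_input)
        self.reseed_counter = 1

    def generate(self, nbytes):
        # Generate (10.1.2.5); reseeds from the OS RNG once the interval is exhausted
        if self.reseed_counter > self.RESEED_INTERVAL:
            self.reseed()
        out = b""
        while len(out) < nbytes:
            self.V = self._mac(self.K, self.V)
            out += self.V
        self._update(b"")
        self.reseed_counter += 1
        return out[:nbytes]

def fixed_entropy(n):
    return bytes(range(n))  # constructed, deterministic stand-in for the OS RNG (tests only)
```

The second option in the thread has no state of its own: every request is handed straight to the OS RNG (getrandom(), a read from /dev/random, or os.urandom here), so the reseed logic above disappears entirely.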