On Thu, Aug 24, 2017 at 08:07:54AM +1000, Peter Waltenberg wrote: > The bad case I'm aware of is the fork() one as it's critical that the RNG > state diverge on fork(). Without that you can get some very nasty > behaviour in things like TLS servers. Some of which have a thread pool + > fork() model to handle increasing load. > > While ideally you'd do a complete reseed, just different state in each RNG > is a LOT better than nothing, and even PID + whatever else you can > scrounge up will help a lot. Even the high res counters available on most > current CPU's would help there because forking multiple processes isn't > quite synchronous.
This is why I want to add things like that by default in the additional data. Kurt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
