> Please note that that 50% extra is only used for instantiating the DRBG. On reseed we it only uses 256 bits. True. And now we're finding that VMS won't work. And I bet there are other systems that will also find this amount excessive. > There is an alternative to that 50% extra, but it's not making sense to me. Shrug. > The 1.1.0 version also used 256 bit. The 1.1.0 code was pre-DRBG and was a piece of crap. Using AES/DRBG is stronger, better, and for the normal case 128 bits is enough.
_______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project