I am using the EVP API (version 1.1.1) for performing public key and symmetric 
key operations across a variety of platforms (macOS, Windows, Linux, iOS and 
Android). I am currently not doing anything to explicitly seed OpenSSL’s random 
number generator. My understanding is that the default behavior 
<https://www.openssl.org/blog/blog/2017/08/12/random/> should be 
cryptographically secure.

So my concerns are:
1. Whether I really can count on getting a high-entropy PRNG across these 
various platforms, without any explicit initialization.
2. If something goes wrong with PRNG initialization, that it will fail hard 
rather than fall back to something less secure. And if so, how I detect such a 
failure.

Our current implementation uses libsodium, which relies on the usual system 
calls to generate entropy, so if I can count on OpenSSL always doing this then 
I’m happy. 

Thanks,
Mike
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
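
On the second concern above, an added example (not part of the original message and not OpenSSL's own code): `RAND_bytes()` returns 1 on success and 0 or -1 otherwise, so a caller fails hard by treating anything other than 1 as fatal. The helper `random_or_fail`, the `stub_*` generators and the `WITH_OPENSSL` build macro are hypothetical names; the stubs are constructed so the failure paths can be exercised without a broken RNG.

```c
/* Fail-closed wrapper around a RAND_bytes()-style generator (added example).
 * Build against OpenSSL 1.1.1: cc -DWITH_OPENSSL example.c -lcrypto */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef WITH_OPENSSL
#include <openssl/err.h>
#include <openssl/rand.h>
#endif

/* Same shape as RAND_bytes(): 1 on success, 0 or -1 on failure. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Hypothetical helper: returns 0 with buf filled, or -1 with buf zeroed.
 * Only an exact return value of 1 from the generator counts as success. */
int random_or_fail(rand_fn gen, unsigned char *buf, int len)
{
    if (gen == NULL || buf == NULL || len <= 0)
        return -1;
    if (gen(buf, len) != 1) {
        memset(buf, 0, (size_t)len);   /* never hand back partial output */
        return -1;
    }
    return 0;
}

/* Constructed stand-ins, NOT random: they only imitate the return codes. */
int stub_ok(unsigned char *b, int n)          { memset(b, 0xA5, (size_t)n); return 1; }
int stub_unseeded(unsigned char *b, int n)    { memset(b, 0x11, (size_t)n); return 0; }
int stub_unsupported(unsigned char *b, int n) { (void)b; (void)n; return -1; }

int main(void)
{
    unsigned char key[32];
#ifdef WITH_OPENSSL
    /* RAND_status() == 1 means the generator reports itself seeded. */
    if (RAND_status() != 1 || random_or_fail(RAND_bytes, key, (int)sizeof key) != 0) {
        fprintf(stderr, "RNG failure, OpenSSL error 0x%lx\n", ERR_get_error());
        return 1;   /* abort key generation; no fallback source */
    }
    puts("key material generated");
#else
    /* Offline demonstration of the failure path with a constructed stub. */
    if (random_or_fail(stub_unseeded, key, (int)sizeof key) != 0)
        puts("generator failure detected, buffer zeroed");
#endif
    return 0;
}
```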
