On 10/30/2019 04:19 PM, openssl-users-requ...@openssl.org digested: > From: Frederick Gotham <cauldwell.tho...@gmail.com> > To: openssl-users@openssl.org > > I even tried deleting /dev/random and /dev/urandom
... don't do that. The Linux kernel is both a provider and a consumer of entropy, e.g., to randomize the TCP sequence numbers as it establishes TCP connections on behalf of applications. Unless you go all the way and add a TPM driver (as the only source of entropy) to *the kernel*, you risk ending up with "good crypto" on the application layer but easily hijacked connections, defeated stack randomization, SSH logins from remote that fail, etc. etc.. Kind regards, -- Jochen Bern Systemingenieur E jochen.b...@binect.de W www.binect.de
