coderman wrote:
<snip>
> 3) perhaps a "best practice random" library is needed for
> applications. it would keep a thread-specific-storage pool, mix
> multiple sources into it, combine with OS entropy where available, and
> then finally mix and fold before use. this way, even if the OS or
> framework entropy is horribly broken, you've got a source that is much
> more resilient in application.
>
> perhaps a bettercrypto.org like effort specifically for application
> developers who need to be proficient users of crypto APIs (not all
> devs applied cryptographers ;)
>
> ideally this would cover openssl, polartls, gnutls, crypto++,
> cryptlib, libnss, etc.
There's a WIP 'libottery'[1] (think GCC linking syntax for the joke), which has scary (but humorously phrased) warnings against use in production that might go away a lot sooner if people test it aggressively.

[1] https://github.com/nmathewson/libottery

_______________________________________________
RNG mailing list
[email protected]
http://lists.bitrot.info/mailman/listinfo/rng
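The quoted sketch (thread-specific pool, several sources mixed in, OS entropy combined where available, mix and fold before use) as an added example; this is not libottery's code nor anything posted to the list. Pool state lives in threading.local, each source is length-prefixed and hashed into the pool with SHA-256, output is folded out with HMAC and the pool is ratcheted after every draw; os.urandom stands in for the OS source, and the source list and `reseed_every` interval are this example's own choices.

```python
import hashlib
import hmac
import os
import threading
import time


def default_sources():
    """Cheap, independent sources (callables returning bytes); none is trusted alone."""
    return (
        lambda: os.urandom(32),                             # OS entropy, when available
        lambda: time.perf_counter_ns().to_bytes(8, "big"),  # fine-grained timer
        lambda: os.getpid().to_bytes(8, "big"),             # process id
        lambda: threading.get_ident().to_bytes(8, "big"),   # thread id
        lambda: id(object()).to_bytes(8, "big"),            # allocator state
    )


class AppRandom:
    """Pool kept in threading.local, so threads never share or race on state."""

    def __init__(self, sources=None, reseed_every=1024):
        self._sources = tuple(sources) if sources is not None else default_sources()
        self._reseed_every = reseed_every
        self._local = threading.local()

    def _state(self):
        if not hasattr(self._local, "pool"):  # first use in this thread
            self._local.pool, self._local.uses = b"\x00" * 32, 0
        return self._local

    def reseed(self):
        """Mix: pool' = SHA-256(pool || len(s1) || s1 || len(s2) || s2 || ...)."""
        st = self._state()
        h = hashlib.sha256(st.pool)
        for src in self._sources:
            data = src()
            h.update(len(data).to_bytes(4, "big") + data)  # length-prefix each source
        st.pool = h.digest()

    def random_bytes(self, n):
        """Fold: out = HMAC(pool, block index) blocks; then ratchet the pool forward."""
        st = self._state()
        if st.uses % self._reseed_every == 0:  # fresh sources on first use and periodically
            self.reseed()
        out = b"".join(hmac.new(st.pool, b"out" + i.to_bytes(8, "big"), hashlib.sha256).digest()
                       for i in range((n + 31) // 32))
        st.pool = hmac.new(st.pool, b"next", hashlib.sha256).digest()  # one-way step
        st.uses += 1
        return out[:n]
```

Swapping a constant in for os.urandom still gives non-repeating output, because the remaining sources and the ratchet keep the pool moving; that avoids a single point of failure but does not make the weak sources strong.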
