On Tue, 29 Apr 2014, Steven Chamberlain wrote:

> On Mon, 28 Apr 2014 16:52:10 +0000 (UTC), Thorsten Glaser wrote:
> > For their OpenSSL fork, specifically, they rely on some system
> > properties such as their RNG’s behaviour way too much [...]
>
> I would think Linux and FreeBSD have much better PRNGs now than what has
> been done until now in OpenSSL.
No, not exactly. Linux’ /dev/urandom is way too small, it has only
512 bits of state, which makes all sorts of people object to code
reading more than 8/16 or at best 32 bytes out of it for any given
application.

> not trustworthy, OpenSSL is resorting to mixing in uninitialised blocks
> of memory, the time, private key exponents, digests, in one case a
> structure returned by stat()

It also adds 32 bytes from /dev/urandom (see #742145 where I find that
a bit few, but given the above it’s reasonable), and from ~/.rnd or
another randfile (not any more in LibreSSL).

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax
highlighting, d.A.] mechanically produce pretty output that accentuates
irrelevant detail in the program, which is as sensible as putting all the
prepositions in English text in bold font.
	-- Rob Pike in "Notes on Programming in C"

Archive: https://lists.debian.org/alpine.deb.2.10.1404301434500.12...@tglase.lan.tarent.de
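As an added illustration, not code from the message above and not OpenSSL's or LibreSSL's own seeding code: a toy seed pool in Python that does what the message describes OpenSSL doing, namely take a fixed 32 bytes from /dev/urandom, mix them with weaker inputs (time, pid, a randfile), and persist fresh bytes back to the randfile for the next start. The function names (mix_sources, collect_sources, expand, update_randfile), the length-framed SHA-256 mixing and the HMAC-in-counter-mode expansion are my own choices for the model, not OpenSSL's md_rand construction.

```python
"""Toy model of an application seed pool that mixes several entropy
sources of very different quality.  Example code, not OpenSSL's RNG."""
import hashlib
import hmac
import os
import struct
import time

URANDOM_BYTES = 32  # the amount the message says OpenSSL reads from /dev/urandom


def mix_sources(sources, label=b"seed-pool-v0"):
    """Hash a list of (name, data) pairs into one 256-bit seed.

    Every field is length-prefixed, so two different source lists cannot
    collide by mere concatenation (e.g. ("ab","c") versus ("a","bc")).
    Adding weak or attacker-known inputs can only add to the hash input;
    it cannot cancel out the entropy contributed by the urandom bytes."""
    h = hashlib.sha256(label)
    for name, data in sources:
        h.update(struct.pack(">I", len(name)) + name)
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def collect_sources(randfile=None, urandom_bytes=URANDOM_BYTES):
    """Gather the inputs: a small /dev/urandom read plus cheap, low-entropy
    process state and, if present, the contents of a randfile."""
    sources = [
        (b"urandom", os.urandom(urandom_bytes)),
        (b"time", struct.pack(">d", time.time())),
        (b"pid", struct.pack(">I", os.getpid())),
    ]
    if randfile and os.path.exists(randfile):
        with open(randfile, "rb") as f:
            sources.append((b"randfile", f.read(1024)))
    return sources


def expand(seed, n):
    """Derive n output bytes from a 32-byte seed with HMAC-SHA256 in
    counter mode.  A real DRBG also reseeds and tracks state; this only
    shows that 32 good bytes are enough to produce arbitrarily much
    output without going back to the kernel for every call."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(seed, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seed_from_system(randfile=None):
    """One-stop seeding: collect, mix, return the 32-byte pool seed."""
    return mix_sources(collect_sources(randfile))


def update_randfile(path, seed):
    """Persist 1024 fresh bytes for the next start (what a ~/.rnd file is
    for), derived from the seed through a separate label so the file never
    equals the in-process seed.  Created with mode 0600, like OpenSSL does."""
    data = expand(hashlib.sha256(b"randfile-update" + seed).digest(), 1024)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return len(data)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        rnd = os.path.join(d, ".rnd")
        first = seed_from_system(rnd)          # no randfile yet
        update_randfile(rnd, first)
        second = seed_from_system(rnd)         # now mixes the randfile in
        print("seed 1:", first.hex())
        print("seed 2:", second.hex())
        print("32 output bytes:", expand(second, 32).hex())
```

The design point worth keeping from this model is the first one: a single read of 32 bytes from the kernel, mixed with whatever else is at hand and expanded in userspace, is how an application avoids both the "reads too much from /dev/urandom" objection and any dependence on the exact size of the kernel pool.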