On Sun, Oct 14, 2012, Kumar Ghanta wrote: > Thank you very much for the quick response Stephen. Is it fine if we allow > parent and child processes to share the same seed? I just want to know if > there are any NIST restrictions. If possible, can you please elaborate on > how does openssl takes care automatically after 1.2? >
If two processes share the same PRNG state then it has several security issues: for example DSA private keys can be leaked. Later versions of the PRNG (and DRBG) mix (among other things) the current process ID into the internal state when random numbers are generated. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
