> On Tue, Dec 11, 2012 at 6:27 PM, redpath <redp...@us.ibm.com> wrote: >> When using this command >> >> openssl genrsa -out test.pem 2048 >> >> an RSA pair is created. Its not so much I want to know how a pair is >> randomly selected >> but how secure is that random selection. > It depends. In theory, the way entropy is gathered and managed is enough. >
Current versions of openssl take advantage of RdRand when present in the CPU. So on intel gen3 and beyond (Ivy Bridge i5, i7 and every later chip) openssl will have and use a robust source of entropy on chip. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
