On 07 Sep 2013, at 11:26 PM, Steve Marquess <marqu...@opensslfoundation.com> wrote:
> Note that Dual EC DRBG is *NOT* used by default and a calling > application must specifically and deliberately enable it; that cannot be > done accidentally. Any application which does so will hopefully be fully > aware of the consequences (and probably must do so for > policy reasons). Is the Dual EC DRBG used in any hardware crypto implementations, and if so, how would we avoid using those hardware implementations with certainty in OpenSSL? I'm thinking specifically of the Intel one described here: http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator Regards, Graham -- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
