Not interested in BSD or Yarrow PRNG. Not interested in any PRNG. Interested in True RNG from hardware as mixed by Theodore Ts'o excellent, predominant and continually evolving (https://lkml.org/lkml/2013/9/13/624) "/dev/random". Have more than enough TRNG for the needs of the servers in question. Might buy faster TRNG if ever required.
Does anyone know if 'openssl' will wait more patiently for entropy when using the EGD? Does anyone know anything about the behavior of 'openssl' when asked to block on various sources of entropy? At 09:16 9/22/2013 -0700, Michael Sierchio wrote: > >I assume that this is on a Linux distro? The design of the standard >Linux /dev/random is old. It was brilliant at the time (I think Ted >T'so is responsible for the brilliance), but has some characteristics >that are less than useful in this application. You'd do better to use >something like the FreeBSD /dev/random, which is based on >Yarrow. > >https://www.usenix.org/legacy/events/bsdcon/full_papers/murray/murray_html/ > >http://svnweb.freebsd.org/base/release/9.1.0/sys/dev/random/ > >If there is a hardware RBG on the computer, and /dev/crypto exists, it >can mix in bits from that. (Most hardware RBGs have a max bit rate of >16kbps, which is not adequate for a busy server with need for a lot of >random material) > >Think of how much better this is than when we had to use the noisy low >bits of the audio input combined with von Neumann decorrelation. >;-) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
