On Mon, Sep 23, 2013, yustein wrote:

> Hi,
>
> Does OpenSSL use this by default, if not where does a user choose which method
> to use for CSPRNG?
>
The default DRBG for OpenSSL is 256 bit AES CTR_DRBG. The default can be
changed by using the compile time flags:

    -DOPENSSL_DRBG_DEFAULT_TYPE=type
    -DOPENSSL_DRBG_DEFAULT_FLAG=flags

The default DRBG type can also be set at runtime before any other operations
are performed by calling:

    void RAND_set_fips_drbg_type(int type, int flags);

Where "type" and "flags" have the same values as those indicated in the user
guide (section 6.1.2).

Future versions of OpenSSL will fail if an attempt is made to use the Dual EC
DRBG.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org