I know that iOS (which was listed) has a good randomness source (SecRandomCopyBytes <https://developer.apple.com/documentation/security/1399291-secrandomcopybytes>) but I don’t think OpenSSL uses it yet. I’m not sure about the quality of Android’s sources, but would expect them to be decent.
Pauli

> On 4 Jan 2019, at 10:46 pm, Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> wrote:
>
>> So my concerns are:
>> 1. Whether I really can count on getting a high-entropy PRNG across these
>> various platforms, without any explicit initialization.
>
> Yes, for the mentioned platforms, the default configuration is
> `--with-rand-seed=os`, which means the DRBG automatically seeds
> and reseeds using os entropy sources.
>
> 2. If something goes wrong with PRNG initialization, that it will fail hard
> rather than fall back to something less secure. And if so how I detect such a
> failure.
>
> If the (re-)seeding fails, the DRBG enters an error state. When you try to
> generate random bytes it will detect the error state and try
> automatically to heal the error state by reinstantiating. But if reseeding
> fails, it will return an error code and not generate any pseudo random bytes.
>
> Citing from the manual pages:
>
>    OpenSSL comes with a default implementation of the RAND API which is
>    based on the deterministic random bit generator (DRBG) model as
>    described in [NIST SP 800-90A Rev. 1]. The default random generator
>    will initialize automatically on first use and will be fully functional
>    without having to be initialized ('seeded') explicitly. It seeds and
>    reseeds itself automatically using trusted random sources provided by
>    the operating system.
>
>    As a normal application developer, you do not have to worry about any
>    details, just use RAND_bytes(3) to obtain random data. Having said
>    that, there is one important rule to obey: Always check the error
>    return value of RAND_bytes(3) and do not take randomness for granted.
>
> https://www.openssl.org/docs/man1.1.1/man7/RAND.html
>
> (See also https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html)
>
> Matthias

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users