Hi All,

This caught my attention:
"TLS requires a cryptographically secure pseudorandom number generator
(CSPRNG). In most cases, the operating system provides an appropriate
facility such as /dev/urandom, which should be used absent other
(e.g., performance) concerns. It is RECOMMENDED to use an existing
CSPRNG implementation in preference to crafting a new one. Many
adequate cryptographic libraries are already available under favorable
license terms."

/dev/urandom is nice, but many OSes have adopted the getrandom()
interface. The advantage is that you don't need an additional file
description open and it can work in a chroot too ...

Also, could we mention something like arc4random() as a CSPRNG
implementation? It has been widely adopted by several OSes. Can this
be suggested as well?

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
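
The getrandom() point raised in the message above, as an added example that is not part of the original post: filling a buffer through the system call, with /dev/urandom used only when the kernel lacks it. The names csprng_fill and fill_from_urandom are hypothetical, and the code assumes Linux with glibc 2.25 or later for <sys/random.h>.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>   /* getrandom(): assumes Linux, glibc >= 2.25 */
#include <sys/types.h>
#include <unistd.h>

#ifndef O_CLOEXEC
#define O_CLOEXEC 0       /* very old headers: flag unavailable */
#endif

/* Fallback: needs a spare descriptor and a /dev node inside the (ch)root. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;                 /* interrupted by a signal: retry */
        if (n <= 0) {                 /* EOF or hard error: no partial output */
            close(fd);
            return -1;
        }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill buf with len bytes from the kernel CSPRNG; 0 on success, -1 on failure. */
int csprng_fill(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        /* flags = 0: blocks until the pool is initialised, no fd required */
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 && errno == ENOSYS) /* kernel without the system call */
            return fill_from_urandom(buf + off, len - off);
        if (n <= 0)
            return -1;                /* caller must treat this as fatal */
        off += (size_t)n;             /* short returns are legal: keep going */
    }
    return 0;
}
```

A caller generating key material should abort on a -1 return rather than continue with a partially filled buffer.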
