On 04/10/2018 17:38, Salz, Rich wrote:
>> What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
>> than not being an NSA/NIST design?
> Poor locking; been known to crash.
Simple bug, not a reason to change the algorithm.
> Does not reseed.
But can be reseeded if so desired, subject to locking.
> Global across the process, rather than isolated for private-key generation or per-connection.
This is good, not bad.
> Mixes in getpid and time to get "better" random bytes.
This gives 2 to 5 extra bits on machines with little available entropy,
provided init is not done too early in the machine boot process. There
seem to be much stronger sources loaded where available.
> Has a "pseudo-rand" feature.
This is a clearly marked feature useful when the entropy sources are
significantly slower than the random bit need, such as on a busy TLS
server with a serial port (or slower) entropy source.
> Never was cryptographically evaluated.
By whom? I would expect the very public OpenSSL RNG to have been
subjected to lots of 3rd party review outside the Foundation.
The new design is taken from a document that was insufficiently publicly
reviewed and was later found to contain a likely backdoor in one of its
other suggested RNG designs, making the entire document highly dubious.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
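The two design points argued over above, reseeding and process-global versus isolated RNG state, are easier to weigh with a concrete DRBG in hand. The following is an added example, not code from the thread and not OpenSSL's RNG: a minimal HMAC_DRBG following the construction in NIST SP 800-90A (the document family the thread is referring to), instantiated per purpose rather than once per process, and reseeded both on demand and when its reseed counter runs out. The SHA-256 choice, the `reseed_interval` parameter, the `needs_reseed` helper and the use of `os.urandom` as a stand-in entropy source are assumptions made for the example; the test vectors in the assertions are constructed, not published ones.

```python
"""HMAC_DRBG (NIST SP 800-90A, Section 10.1.2) with explicit reseeding.

Added example, not OpenSSL's RNG code. Each HmacDrbg object is isolated
state that can be instantiated for one purpose (e.g. private-key
generation) instead of sharing one process-global pool, and it reseeds:
on demand via reseed(), and generate() refuses to continue once the
configured reseed interval is exhausted. The entropy source is a
stand-in (os.urandom in demo(), fixed bytes in tests) so this runs offline.
"""
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG over SHA-256 (outlen = 32 bytes). Simplified: the nonce and
    personalization string are not length-checked, only the entropy input."""

    OUTLEN = 32
    MAX_BYTES_PER_REQUEST = 1 << 16   # 800-90A caps one request at 2**19 bits

    def __init__(self, entropy, nonce=b"", personalization=b"",
                 reseed_interval=1 << 48):
        if len(entropy) < self.OUTLEN:
            raise ValueError("instantiate: need at least 32 bytes of entropy")
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        """HMAC_DRBG_Update: fold provided_data into the (K, V) state."""
        self.K = self._hmac(self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.V)
        if provided_data:
            self.K = self._hmac(self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.V)

    def reseed(self, entropy, additional_input=b""):
        """Mix fresh entropy into the state and restart the reseed counter."""
        if len(entropy) < self.OUTLEN:
            raise ValueError("reseed: need at least 32 bytes of entropy")
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, n, additional_input=b""):
        """Return n pseudorandom bytes; refuse (instead of silently running
        on stale state) once the reseed interval is exhausted."""
        if n > self.MAX_BYTES_PER_REQUEST:
            raise ValueError("request too large")
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


def needs_reseed(drbg):
    """True once generate() would refuse until reseed() is called."""
    return drbg.reseed_counter > drbg.reseed_interval


def demo():
    """Two isolated instances seeded identically agree; reseeding one of them
    with fresh entropy makes the streams diverge. Returns (before, after)."""
    seed = os.urandom(32)            # stand-in for a real entropy source
    a = HmacDrbg(seed, nonce=b"key-generation")
    b = HmacDrbg(seed, nonce=b"key-generation")
    agree_before = a.generate(16) == b.generate(16)
    a.reseed(os.urandom(32))
    agree_after = a.generate(16) == b.generate(16)
    return agree_before, agree_after


if __name__ == "__main__":
    print(demo())
```

The refusal in `generate()` is the design choice worth noting: a DRBG that hits its reseed interval and keeps going is indistinguishable, to the caller, from one that reseeded, so the error is what forces the "can be reseeded if so desired" path to actually be taken.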