| I am using the EVP API (version 1.1.1) for performing public key and symmetric key operations across a variety of platforms (macOS, Windows, Linux, iOS and Android). I am currently not doing anything to explicitly seed OpenSSL’s random number generator. My understanding is that the default behavior should be cryptographically secure. So my concerns are: 1. Whether I really can count on getting a high-entropy PRNG across these various platforms, without any explicit initialization. 2. If something goes wrong with PRNG initialization, that it will fail hard rather than fall back to something less secure. And if so how I detect such a failure. Our current implementation uses libsodium, which relies on the usual system calls to generate entropy, so if I can count on OpenSSL always doing this then I’m happy. Thanks, Mike |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
