On 10/30/2019 04:19 PM, openssl-users-request@xxxxxxxxxxx digested: > From: Frederick Gotham <cauldwell.thomas@xxxxxxxxx> > To: openssl-users@xxxxxxxxxxx > > I even tried deleting /dev/random and /dev/urandom ... don't do that. The Linux kernel is both a provider and a consumer of entropy, e.g., to randomize the TCP sequence numbers as it establishes TCP connections on behalf of applications. Unless you go all the way and add a TPM driver (as the only source of entropy) to *the kernel*, you risk ending up with "good crypto" on the application layer but easily hijacked connections, defeated stack randomization, SSH logins from remote that fail, etc. etc.. Kind regards, -- Jochen Bern Systemingenieur E jochen.bern@xxxxxxxxx W www.binect.de
