On Wed, Oct 30, 2019 at 02:12:19PM -0000, Frederick Gotham wrote: > > It appears that OpenSSL will kick and scream and refuse to die not > matter how hard you hit it. If I try to generate a random number like > this: > > openssl rand -hex 8 > > Then it seems it will try in this order: > > 1) The TPM2 chip > 2) The software simulator of the TPM2 chip > 3) The built-in RDRAND number > 4) Another one that I can't find Which version of OpenSSL are you using? > I have recompiled OpenSSL with the flag OPENSSL_NO_RDRAND to get rid of > the in-built engine. I have even done "rm /dev/random" and "rm > /dev/urandom", but SOME HOW, SOME WAY, I'm still getting output when I > run openssl rand -hex 8. Depending on the version of OpenSSL and the kernel, you might also use the getentropy()/getrandom() cal. Since 1.1.0 we Configure supports the --with-rand-seed=none option. Kurt
