> > Well maybe I can ignore section 10.3? > > > > That's a nice joke Rich, but the Dual_EC_DRBG chapter has been dropped in > SP800-90Ar1, which supersedes SP800-90A:
I know. I was trying to gently point out that even John makes mistakes :) > - Do you intend to continue supporting RAND_set_rand_method() or will > there only be one 'perfect' random generator and no choice anymore? This will continue to work. > - Do you consider the SP800-90A DRBG outdated or will there be a chance > that it will be added to the OpenSSL master as > officially supported RAND method? That's a great idea, I can work on that now. > - Will the new OpenSSL RNG support a way to configure reseed intervals and > external entropy sources in a similar fashion > as the FIPS DRBG did? That's three questions :) But yes, we should address that. I'm not sure if new RAND API's are the way to go or perhaps a RAND_control API that gives us a bit more flexibility. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev