Thanks for the quick reply. It sounds reasonable to make the default choice depending on the os environment. For me it is not a religious question what OpenSSL's default choice should be. I trust that you will find a sensible solution. And if OpenSSL supports both methods I can always make my own choice if I need to.
Regards, Matthias On 28.06.2017 16:46, Matt Caswell wrote: > > On 28/06/17 15:42, Matthias St. Pierre wrote: >> Hello Matt, >> >> I am not quite sure what your current favourite solution for the upcoming >> default OpenSSL random generator is. Are you favouring >> >> - a DRBG (following SP800-90Ar1) which is using the OS RNG as entropy >> source for (re-)seeding or >> >> - simply passing all generate requests over to the OS RNG? >> >> It looks like you made two votes for the first and one vote for the second >> variant (see below). Could you please clarify your preference? > Both :-) > > i.e. both should be available as an option. > > I don't think we will necessary be able to do the latter on all > platforms that we support. > > As for which of the two is the default: where it is available - the > latter. Where it isn't the former. > > Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev