Defence in depth seems prudent: independent sources with agglomeration and whitening.
> As Kurt noted, [on modern OSes,] it is really unclear what sources are available to us that are not already being used by the kernel.

I would turn to hardware. Since OpenSSL already has assembly-level optimization for various CPU types, accessing instructions like RDSEED and RDRAND (when available) doesn’t sound too hard. Mix their output into the seed. It can only improve the result.

> So, [on these same modern OSes,] what benefit do we really get from using multiple "independent" sources? They are unlikely to actually be independent if the kernel is consuming them as well and we consume the kernel.

Depends on what you mean by “independent”. A completely different mechanism – probably not. A mechanism whose output bits/bytes are not (tractably) correlated? Probably yes.

> We shouldn't trust the user to provide entropy. Definitely.

No. We shouldn’t trust the user to provide all entropy – but should welcome the user’s contribution to the entropy pool.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
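The hardware-source suggestion in the reply above (RDSEED/RDRAND when available, mixed into the seed), as an added C example that is not from the thread or from OpenSSL's code: it checks the CPUID feature bits, retries on the carry-flag failure both instructions can signal, falls back from RDSEED to RDRAND, and XORs the result into a seed buffer assumed to already hold kernel-supplied bytes. All function names are mine, and the plain XOR stands in for the hashing a real DRBG applies to the combined material.

```c
#include <stddef.h>
#include <stdint.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif
/* RDRAND is CPUID.1:ECX[30], RDSEED is CPUID.(7,0):EBX[18]; both 0 off x86_64. */
int cpu_has_rdrand(void) {
#if defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) return (c >> 30) & 1;
#endif
    return 0;
}
int cpu_has_rdseed(void) {
#if defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) return (b >> 18) & 1;
#endif
    return 0;
}
/* One RDSEED (conditioned entropy) or RDRAND (on-chip DRBG) attempt. Both signal
 * failure with CF=0, routinely for RDSEED when its conditioner is drained, so a
 * failed word must be retried, never consumed. */
static int rd_once(uint64_t *out, int want_seed) {
    unsigned char ok = 0;
#if defined(__x86_64__)
    if (want_seed) __asm__ volatile("rdseed %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    else           __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
#else
    (void)out; (void)want_seed;
#endif
    return ok;
}
/* Fill out[0..n) from hardware, preferring RDSEED and falling back to RDRAND,
 * under a bounded retry budget. Returns the number of words obtained (may be 0). */
size_t hw_entropy(uint64_t *out, size_t n) {
    int want_seed = cpu_has_rdseed();
    size_t got = 0;
    if (!want_seed && !cpu_has_rdrand()) return 0;
    for (int tries = 0; got < n && tries < 1000; tries++)
        if (rd_once(&out[got], want_seed)) got++;
    return got;
}
/* XOR hardware words into a seed buffer already filled from the kernel (e.g.
 * getrandom). XOR with a source independent of the seed cannot lower its entropy;
 * a source able to predict the kernel bytes could cancel them, hence hash afterwards. */
void mix_into_seed(uint8_t *seed, size_t seed_len, const uint64_t *hw, size_t n) {
    const uint8_t *h = (const uint8_t *)hw;
    if (n == 0) return;                 /* nothing obtained: seed stays as it was */
    for (size_t i = 0; i < seed_len; i++) seed[i] ^= h[i % (n * 8)];
}
```

On a machine without either instruction, hw_entropy returns 0 and the kernel seed passes through untouched, which is the "can only improve the result" property the reply relies on.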