> I at least have a plan to add additional data, but probably not in > the current idea was probably not the way you would like to see it.
:-)
> My idea was to query at least various sources that we don't
> attribute any entropy to, like getpid(), gettimeofday(),
> clock_gettime(), the TSC, ...
>From my point of view – adding these doesn’t add a whole lot, but it doesn’t
>hurt. IMHO – add away. ;-)
> It might also use things like RDRAND / RDSEED which we don't trust.
Some don’t trust these, some think that they would add a good amount of
entropy. I for one would certainly like to see the output of these mixed in.
>From cryptography point of view, it cannot hurt, but may help a lot. Consider
it as a lottery ticket you don’t have to pay for. ;-)
> So I guess you want an interface that can both add things to the
> "entropy" pool, and to the "additional data" pool?
That is correct. Especially because some of us have “real” nice/fancy hardware
RNG (TRNG) available, and some like to mix in the output from RNGs on hardware
tokens - maybe not as impressive as a “real” fancy TRNG, but as they say, every
bit helps – in this case literally.
> It shouldn't be that hard, I'll try to come up with some proposal soon.
Thank you!!
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
