Re: [openssl-dev] DRBG entropy

Thanks for the helping me understand the whole entropy thing better. It is still get the feeling that this is a "best effort" thing and that nobody can actually proof what is correct. I am probably just bringing the math down to my level - sorry. With that said for validation I still need to

Re: [openssl-dev] [TLS1 PRF]: unknown algorithm

The scenario is kind of like this: 1. I copy the newest openssl library to the platform I am testing. 2. I build evp_test along with the newest openssl version (the one from point no 1) and then I copy it on the platform I am testing. 3. With an older openssl in the build path, I build a custom

Re: [openssl-dev] DRBG entropy

On Wednesday, 27 July 2016 15:23:21 CEST Leon Brits wrote: > John, > > Thanks for your reply. > > The SP800-90B test has different types of test but the test with the lowest > output is used as the maximum entropy capability of the chip. That is how I > understand it from the FIPS lab. > > For

Re: [openssl-dev] DRBG entropy

See: https://tools.ietf.org/html/rfc4086 Section 4 suggests ways to de-skew. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." > On Jul 28, 2016, at 6:51 AM, Hubert Kario wrote: > > On Wednesday, 27 July 2016 15:23:21 CEST

Re: [openssl-dev] DRBG entropy

Let's play a guessing game. I provide a hardware-based random number generator of my choosing. It produces a stream of bytes. It has an entropy density greater than 2.35 bits per byte. This claim is consistent with all the usual tests, but it is also more than that; it is not just "apparent"

Re: [openssl-dev] DRBG entropy

On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote: > John's spot on the mark here. Testing gives a maximum entropy not a minimum. > While a maximum is certainly useful, it isn't what you really need to > guarantee your seeding. Fom what I've read, some of the non-IID tests actually

[openssl-dev] Building current master fails when option no-nextprotoneg is used

Hi, Just to let you know that today's master fails to build when option no-nextprotoneg is used. Build stop when linking ssl_test.exe : cl /I "." /I "include" /I "include" -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC

[openssl-dev] 1.0.2h Compile fails if OPENSSL_NO_SHA512 is defined

I am defining OPENSSL_NO_SHA512 and get a compilation error in ssl/t1_lib.c: [08:47:30][Step 3/5] c->pkeys[SSL_PKEY_ECC].digest = EVP_sha384(); [08:47:30][Step 3/5] ^ [08:47:30][Step 3/5]

Re: [openssl-dev] DRBG entropy

I probably should have mentioned this in my earlier message, but the exponential example is valid for the NSIT SP800-90B non-IID tests too: 5.74889 bits per byte of assessed entropy. Again about as good a result as the tests will ever produce given the ceiling of six on the output. There is

[openssl-dev] CA chain.

Hi, I am new to SSL stuff. I was wondering whether the CA chain of a certificate can be changed. Let say the initial chain is Server->Intermediate CA1->Intermediate CA2->Root CA and during renewal we have Server->Root CA Sent from Yahoo Mail. Get the app-- openssl-dev mailing list To