Hey everyone, as you may or may not know I'm currently modernizing Crypto++ to some extent. During some of my other research I noticed that the LibreSSL team decided to drop their (OpenSSL's) PRNG. They stated that it's not the job of the TLS library to provide users with randomness but rather the OS's job.
So here comes my question: How far do we trust the PRNGs of Windows (CryptGenRandom()) and UNIX (/dev/random?)? Is it neccesssary to find any source of potential entropy we can get or do we just sit there and use the entropy the OS provides to us? Depending on your answers I'll adapt my Fortuna implementation (if we trust in the OS, the OS will feed the pools, if not I have to do it). Now the master question: DO we even CAN get GOOD entropy in USERLAND? (-> Crypto++'s main usage) BR JPM -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
