On Intel platforms I would definitely mix the RDRAND output in, at any cost. Otherwise I'm probably OK with the native RNG...
Sent from my iPad

> On Mar 14, 2015, at 10:56, Ruben De Smet <[email protected]> wrote:
>
>> On 14/03/15 15:36, Jean-Pierre Münch wrote:
>> Hey everyone,
>>
>> as you may or may not know I'm currently modernizing Crypto++ to some
>> extent.
>> During some of my other research I noticed that the LibreSSL team decided
>> to drop their (OpenSSL's) PRNG.
>> They stated that it's not the job of the TLS library to provide users with
>> randomness but rather the OS's job.
>>
>> So here comes my question:
>>
>> How far do we trust the PRNGs of Windows (CryptGenRandom()) and UNIX
>> (/dev/random?)?
>
> As far as I know a thing about crypto, I'm going to throw my opinion in
> this starting discussion, while it's still new ;)
>
> Me too, I think it's the OS's job to do rng. AFAIK, Linux does a fairly
> good job on that; it uses a lot of different sources for entropy.
> Sources which CryptoPP/userland cannot access: Intel CPU entropy
> generator, network chatter, USB chatter.
>
> I would trust my /dev/random. I wouldn't trust Windows' RNG though, but
> I wouldn't trust any random generator on a closed source system.
>
>>
>> Is it necessary to find any source of potential entropy we can get or do
>> we just sit there and use the entropy the OS provides to us?
>>
>> Depending on your answers I'll adapt my Fortuna implementation (if we trust
>> in the OS, the OS will feed the pools, if not I have to do it).
>>
>> Now the master question: CAN we even get GOOD entropy in USERLAND? (->
>> Crypto++'s main usage)
>>
>> BR
>>
>> JPM
>
>
> --
> --
> You received this message because you are subscribed to the "Crypto++ Users"
> Google Group.
> To unsubscribe, send an email to [email protected].
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google Groups
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
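The top post's advice (mix the RDRAND output into whatever the OS gives you) only helps if the mixing itself cannot be undone by a bad source. The following is an added example, not code from this thread or from Crypto++: it seeds a userland generator from the OS RNG, folds in an optional hardware source by hashing the length-framed inputs, and contrasts that with a plain XOR, which a correlated or adversarial source can cancel out. `hw_source` is a hypothetical callback standing in for something like an RDRAND wrapper; the fixed byte strings used to demonstrate the XOR failure are constructed for illustration.

```python
import hashlib
import os
from typing import Callable, Iterable, Optional


def frame(chunk: bytes) -> bytes:
    """Length-prefix a chunk so different splits of the same bytes cannot collide
    (mix([b"a", b"b"]) must differ from mix([b"ab"]))."""
    return len(chunk).to_bytes(4, "big") + chunk


def mix_entropy(sources: Iterable[bytes], domain: bytes = b"seed-mix-v1") -> bytes:
    """Combine several entropy inputs into a 32-byte seed with SHA-256.

    Hashing the framed concatenation means a weak, constant or even
    attacker-chosen input adds nothing useful, but it also cannot cancel a
    good one: the output stays at least as unpredictable as the best input.
    """
    h = hashlib.sha256()
    h.update(frame(domain))  # domain tag keeps this seed separate from other uses
    for chunk in sources:
        h.update(frame(chunk))
    return h.digest()


def xor_mix(a: bytes, b: bytes) -> bytes:
    """The naive alternative: XOR two equal-length inputs.

    Fine only if the inputs are truly independent. If one source can see or
    reproduce the other (or simply feeds back the same bytes), the result
    collapses to all zeros, which is why the hash-based mixer above is used.
    """
    if len(a) != len(b):
        raise ValueError("xor_mix needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def seed_from_os_and_hw(
    n_bytes: int = 32,
    hw_source: Optional[Callable[[int], bytes]] = None,
) -> bytes:
    """Build a seed for a userland PRNG (e.g. a Fortuna-style pool).

    The OS RNG is always used. hw_source is a hypothetical callback that, on
    a real deployment, would wrap a hardware generator such as RDRAND; when
    it is None (no such source on this platform) the OS output is still
    passed through the mixer so the seed derivation is uniform either way.
    """
    inputs = [os.urandom(n_bytes)]
    if hw_source is not None:
        inputs.append(hw_source(n_bytes))
    return mix_entropy(inputs)


if __name__ == "__main__":
    # A hardware source that merely echoes fixed bytes is harmless here ...
    seed = seed_from_os_and_hw(hw_source=lambda n: b"\x00" * n)
    print("mixed seed:", seed.hex())
    # ... whereas XOR against a correlated source destroys the entropy.
    same = bytes(range(8))
    print("xor of correlated inputs:", xor_mix(same, same).hex())
```

Two design points: the length framing and domain tag make the hash input unambiguous, and the optional hardware callback means the same code path runs whether or not the platform exposes an instruction like RDRAND, so the fallback is exercised rather than being an untested branch.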
