From: "Ben Laurie" <[EMAIL PROTECTED]>
Sent: Saturday, December 29, 2001 3:25 PM
> Justin Erenkrantz wrote:
>
> > AIUI, we must also consider that OpenSSL will do some magic to
> > the seed value on its own, so it *should* make it slightly better.
> > It'd be nice to get some input from the OpenSSL folks as they've
> > probably thought about this longer than we have (but, I'm afraid
> > I'm against a random file on-disk as *no one* wants to deal with
> > that).
> >
> > I guess the problem is trying to identify how good we want this to
> > be. We'd only use this on platforms that don't have a source of
> > entropy (i.e. Solaris, AIX, etc.). We're currently kind of screwed
> > on these platforms anyway - are any of these options better than
> > nothing at all? I'm at a loss as to what we should do. -- justin
>
> I'm completely opposed to us subverting the whole entropy question. It
> is absolutely unacceptable for Apache to ship with anything that will
> "fix" the problem of insufficient entropy in any way other than
> providing sufficient entropy. If this means people have to think, well
> that's just tough.

Agreed - but perhaps differently. It's something of a political question, but if OpenSSL is the solution to crypto ... I rather expect it alone has the maintainers and contributors to address cross platform entropy.

My question is --- is it our place to gather entropy; or do we rely upon the OpenSSL project to do so across platforms [and fill in the gaps for platforms that really offer nothing.]

I'm not against supplementing Entropy [in fact, Justin and I were joking, well half joking, that a simple output filter that recognizes only gzip compressed data - could supplement the entropy.] I just question if we have the resources to address this adequately, or if it truly belongs in the scope of the OpenSSL project itself.

> BTW, EGD is a cross-platform entropy gatherer. And Solaris has patches
> to provide /dev/random.

Interesting. At least it's dual-licensed [GPL + MIT]. Note it's Perl based, however.

http://sourceforge.net/projects/egd/

Bill
