Patch Set 2: Sorry to not have been in the room at that time and I thought someone else would raise these points.
* OpenSSL/GnuTLS take random bits from the kernel and then use something like a KDF to generate new values and only re-seed if needed (e.g. this explains the OpenSSL/Android zygote security issue that existed, as after the fork two apps would generate the same random numbers). Still it leaves more rand in the kernel, avoids syscalls, apparently is still secure.
* /dev/urandom can block. Be prepared for that. Especially when taking more random out of the kernel.

--
To view, visit https://gerrit.osmocom.org/1526

Gerrit-MessageType: comment
Gerrit-Change-Id: I0241b814ea4c4ce1458f7ad76e31d390383c2048
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Max <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Holger Freyther <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <[email protected]>
Gerrit-Reviewer: Neels Hofmeyr <[email protected]>
Gerrit-HasComments: No
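The fork behaviour mentioned in the comment above, as an added example that is not part of the review or of libosmocore: a userspace generator seeded once from the kernel hands parent and child the same next value after `fork()` unless it re-seeds on a PID change. The names `urng`, `urng_next` and `fork_collision` are hypothetical, the splitmix64 step only stands in for a real DRBG, and the code assumes Linux with `getrandom(2)` in place of reading `/dev/urandom`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical generator; splitmix64 stands in for a real DRBG, NOT a CSPRNG. */
struct urng { uint64_t state; pid_t owner; };

/* Next output. With fork_safe set, re-seed when the PID is not the seeder's. */
static int urng_next(struct urng *g, int fork_safe, uint64_t *out)
{
    if (g->owner == 0 || (fork_safe && g->owner != getpid())) {
        ssize_t n;  /* getrandom() can block until the kernel pool is ready */
        do n = getrandom(&g->state, sizeof g->state, 0); while (n < 0 && errno == EINTR);
        if (n != (ssize_t)sizeof g->state) return -1;
        g->owner = getpid();
    }
    uint64_t z = (g->state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    *out = z ^ (z >> 31);
    return 0;
}

/* Seed, fork, draw once on each side: 1 = same value, 0 = differ, -1 = error. */
static int fork_collision(int fork_safe)
{
    struct urng g = {0};
    uint64_t mine = 0, theirs = 0;
    int fds[2];
    if (urng_next(&g, fork_safe, &mine) < 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)                   /* child: holds a copy of the parent's state */
        _exit(urng_next(&g, fork_safe, &theirs) < 0 ||
              write(fds[1], &theirs, sizeof theirs) != (ssize_t)sizeof theirs);
    close(fds[1]);
    ssize_t n = read(fds[0], &theirs, sizeof theirs);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof theirs || urng_next(&g, fork_safe, &mine) < 0) return -1;
    return mine == theirs;
}

int main(void)
{
    return printf("naive=%d fork_safe=%d\n", fork_collision(0), fork_collision(1)) < 0;
}
```

A PID comparison is the simplest fork check and does not catch PID reuse.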
