On Fri, Oct 23, 2015 at 07:19:11PM +0200, Alessandro Ghedini wrote:
> On Fri, Oct 23, 2015 at 04:34:11PM +0200, Dr. Matthias St. Pierre wrote:
> >
> > Hi,
> >
> > I have a related question concerning alternative RNGs, hope it is not too
> > off-topic:
> >
> > Currently we are using the NIST-SP800-90a compliant DRBG (fips_drbg_method()),
> > because it seemed to us to be more sophisticated and mature than the default
> > RAND_SSLeay(). At least it's better documented and tested.
> >
> > Currently this DRBG is only available through the FIPS object module, so you
> > need to build a FIPS capable OpenSSL library in order to use it.
> >
> > Shouldn't the FIPS DRBG code be added to the normal code base in master, too,
> > as an alternative RNG implementation? Or is the NIST-SP800-90a DRBG construction
> > already obsolete outside of FIPS world?
>
> FWIW, the FIPS module was recently removed, so FIPS_drbg_method() is not present
> in master anymore. I think there are plans to reimplement the whole thing, but
> I don't know anything about that.
>
> In general the NIST DRBGs seem fairly complicated (or completely untrustworthy
> like Dual EC DRBG), so I'd rather have a different implementation as default
> RNG for OpenSSL.
Well, the Dual EC has been removed from the guidance. The other 3 modes described in NIST 800-90a make sense though. I suggest reading the standard; the main things making it long are all the error handling and reseeding strategies.

Ciao,
Marcus

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
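Added example (not code from this thread and not OpenSSL's DRBG implementation): one of the three remaining SP 800-90A constructions, HMAC_DRBG (section 10.1.2), written in Python with the standard-library hmac/hashlib modules so that the reseed_counter / reseed_interval bookkeeping the reply above refers to can be seen and exercised. The class and function names (HmacDrbg, ReseedRequired, reseed_path_demo), the caller-supplied entropy callable, and the rule of demanding at least one digest length of entropy input are assumptions of this example. It contains no CAVP known-answer vectors; validate against those before relying on it.

```python
"""HMAC_DRBG (NIST SP 800-90A, section 10.1.2) with explicit reseed handling.

Added example for the openssl-dev thread above; not OpenSSL's DRBG code.
Entropy is supplied by the caller so that instantiate/reseed/generate and the
reseed-required failure mode can be exercised deterministically.
"""
import hashlib
import hmac
import os


class ReseedRequired(Exception):
    """Generate refused: reseed_counter > reseed_interval (SP 800-90A 9.3.1)."""


class HmacDrbg:
    # SP 800-90A Table 2 limits for HMAC_DRBG: at most 2**48 Generate calls
    # between reseeds and at most 2**19 bits (2**16 bytes) per request.
    MAX_RESEED_INTERVAL = 2 ** 48
    MAX_BYTES_PER_REQUEST = 2 ** 16

    def __init__(self, entropy_input: bytes, nonce: bytes = b"",
                 personalization: bytes = b"", hash_name: str = "sha256",
                 reseed_interval: int = MAX_RESEED_INTERVAL) -> None:
        self._hash = hash_name
        self._outlen = hashlib.new(hash_name).digest_size
        if not 1 <= reseed_interval <= self.MAX_RESEED_INTERVAL:
            raise ValueError("reseed_interval outside SP 800-90A bounds")
        self._reseed_interval = reseed_interval
        self._check_entropy(entropy_input)
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, then Update.
        self._K = b"\x00" * self._outlen
        self._V = b"\x01" * self._outlen
        self._update(entropy_input + nonce + personalization)
        self._reseed_counter = 1

    def _check_entropy(self, entropy_input: bytes) -> None:
        # Assumption of this example: demand at least one digest length of
        # entropy, which meets the highest security strength of any approved hash.
        if len(entropy_input) < self._outlen:
            raise ValueError("entropy_input shorter than the security strength")

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, self._hash).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update (10.1.2.2): fold provided_data into (K, V).
        self._K = self._hmac(self._K, self._V + b"\x00" + provided_data)
        self._V = self._hmac(self._K, self._V)
        if provided_data:
            self._K = self._hmac(self._K, self._V + b"\x01" + provided_data)
            self._V = self._hmac(self._K, self._V)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed (10.1.2.4): fresh entropy resets the counter.
        self._check_entropy(entropy_input)
        self._update(entropy_input + additional_input)
        self._reseed_counter = 1

    def generate(self, num_bytes: int, additional_input: bytes = b"") -> bytes:
        # Generate (10.1.2.5): refuse rather than keep going on a stale seed.
        if num_bytes > self.MAX_BYTES_PER_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self._reseed_counter > self._reseed_interval:
            raise ReseedRequired("reseed_counter exceeded reseed_interval")
        if additional_input:
            self._update(additional_input)
        temp = b""
        while len(temp) < num_bytes:
            self._V = self._hmac(self._K, self._V)
            temp += self._V
        self._update(additional_input)   # post-generate update: backtracking resistance
        self._reseed_counter += 1
        return temp[:num_bytes]


def reseed_path_demo(entropy_source=os.urandom) -> dict:
    """Drive the failure mode: interval of 2, so the third request must fail
    until reseed() is called. entropy_source is a callable(nbytes) -> bytes."""
    drbg = HmacDrbg(entropy_source(32), nonce=entropy_source(16),
                    personalization=b"openssl-dev example", reseed_interval=2)
    outputs = [drbg.generate(16), drbg.generate(16)]
    try:
        drbg.generate(16)
        refused = False
    except ReseedRequired:
        refused = True
    drbg.reseed(entropy_source(32))
    outputs.append(drbg.generate(16))
    return {"refused_before_reseed": refused, "outputs": outputs}


if __name__ == "__main__":
    print(reseed_path_demo())
```

The point of the reseed_interval check is that the generator refuses to produce output once the counter is exhausted instead of silently continuing; a real deployment keeps the standard's 2**48 limit and reseeds from a live entropy source long before that. The same (K, V) update after every Generate call is what gives the construction its backtracking resistance, which is why it runs even when no additional input was supplied.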