I was asked off-list why we're doing this. A reasonable question. :)

There are many complaints about the OpenSSL RNG. For starters:

https://github.com/openssl/openssl/issues/2168
https://github.com/openssl/openssl/issues/898
https://github.com/openssl/openssl/issues/2457
https://github.com/openssl/openssl/issues/3125
Also, there are things like this:

- It uses MD5
- It has a global pool, not per-thread, so there's locking
- It doesn't use getrandom, available on modern Linux systems
- It uses other bizarre private hashing and mixes in time and getpid

To summarize, perhaps, let's just say that it is really, really outdated. The state of the art has advanced, and we have some catching-up to do.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev