On 06/26/2017 11:51 AM, Salz, Rich wrote:

>> Combining many lousy sources and hoping that one of them will do
>> the job is not good engineering practice.

> But if there are a couple and they're both mediocre?

There are multiple dimensions to be considered, including reliability
and rate.

As for reliability, I don't know what "mediocre" means.  Usually
security-critical code is correct or it's not.  For a seed-source,
either a lower bound on the amount of good "hard" randomness is
available and reliable, or it's not.

As for rate, seeding a PRNG places rather mild demands on the source.
I'm having trouble imagining a reasonable source that has a guaranteed
lower bound on the rate that is nonzero yet too small for the purpose.

By "reasonable" I mean to exclude things that were designed to be
facetious or perverse counterexamples.

Can somebody point to a specific example of a "mediocre" source?

> the ambient OS isn't one, but is one of many possibilities.

That's moving the outer loop to the inside, for no good reason.
I suggest asking the hard questions on a per-OS basis:

 -- If you trust this particular OS to provide a seed, why not
  trust it for everything, and not bother to implement an
  openssl-specific RNG at all?

 -- Conversely, if you don't trust this particular OS, what makes
  you think you can solve a problem the OS failed to solve,
  especially without knowing why it failed?

You can then write an outer loop over all OS colors and flavors.

If the questions are unanswerable for each individual OS, it seems
both impossible and pointless to try to answer them for all OSs at
once.

> To summarize, perhaps, let's just say that it is really really
> outdated.  The state of the art has advanced, and we have some
> catching-up to do.

The standard advice that you see on e.g. the crypto list is to
use whatever the OS provides.  It's unlikely you can do better
... certainly not without making a treeeeemendous multi-year
R&D project out of it.

In particular, if the ambient environment is not secure, it is
very unlikely that anything openssl can do will make it secure.

If what the OS provides isn't good enough, you should file bug
reports against it.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
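An added example, not from this thread and not OpenSSL's own code, of what "use whatever the OS provides" looks like in practice: a seed-fetching routine that draws from the kernel's randomness interface (`getrandom(2)` on Linux, with `/dev/urandom` as the fallback for kernels that lack the syscall) and fails hard if the OS cannot supply the seed, rather than mixing in ad-hoc sources. The function names `get_os_seed`, `read_dev_urandom`, `seed_is_not_constant` and `demo_two_seeds_differ` are this example's own. The sanity check only catches a broken source that returns a constant buffer; it says nothing about the quality of the randomness, which, as the post argues, is the OS's job.

```c
/* Added example (not from the openssl-dev thread): seed from the OS
 * randomness interface, and fail loudly instead of improvising. */
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#if defined(__linux__)
#include <sys/random.h>   /* getrandom(2), glibc >= 2.25 */
#endif

/* Fallback path: read exactly len bytes from /dev/urandom.
 * Returns 0 on success, -1 on any failure. */
static int read_dev_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0 && errno == EINTR)
            continue;            /* interrupted by a signal: retry */
        if (r <= 0) {            /* error, or EOF (which must not happen here) */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Fill buf[0..len) with seed material from the operating system.
 * Returns 0 on success, -1 on failure; on failure the caller must not
 * use buf, and must not substitute weaker sources instead. */
int get_os_seed(unsigned char *buf, size_t len)
{
#if defined(__linux__)
    size_t got = 0;
    while (got < len) {
        /* flags = 0: blocks until the kernel pool is initialised, so the
         * bytes returned are never "pre-seed" output. */
        ssize_t r = getrandom(buf + got, len - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;           /* kernel older than 3.17: use the fallback */
            return -1;
        }
        got += (size_t)r;
    }
    if (got == len)
        return 0;
#endif
    return read_dev_urandom(buf, len);
}

/* Cheap sanity check: a seed whose bytes are all identical indicates a
 * broken source or a bug, not bad luck. This is NOT an entropy estimate. */
int seed_is_not_constant(const unsigned char *buf, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0])
            return 1;
    return 0;
}

/* Fetch two 32-byte seeds; return 1 if both succeed, pass the sanity
 * check, and differ from each other, else 0. */
int demo_two_seeds_differ(void)
{
    unsigned char a[32], b[32];
    if (get_os_seed(a, sizeof a) != 0 || get_os_seed(b, sizeof b) != 0)
        return 0;
    if (!seed_is_not_constant(a, sizeof a) || !seed_is_not_constant(b, sizeof b))
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char seed[32];
    if (get_os_seed(seed, sizeof seed) != 0) {
        fprintf(stderr, "OS could not provide a seed; refusing to continue\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    printf("\n");
    return 0;
}
```

Note the shape of the error path: when the OS cannot deliver, the program stops. That is the post's point that a lower bound on good randomness is either available or it is not; there is no "mediocre" path in between for the application to patch up.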
