On Wed, Mar 14, 2018 at 12:49:46PM +0000, Salz, Rich wrote:
> So is having a high-quality, lockless (per-thread) CSPRNG good enough for
> now? Phrased like that, I think so. We have enough other stuff to do. So
> +1 to Kurt's per-thread approach.

I think it's better than what we have in 1.1.0. And if we think we can
improve it, I suggest we improve it after 1.1.1.

So I think the discussion is both about speed and security.

From what I understand from various things, the random number generator
is now, for some workloads at least, a limiting factor. Having it lockless
and per thread is both the easiest thing to do and gives the best
performance.

When it comes to security, there seems to be a concern that from the
public data it might be possible to determine the internal state, and
that this might possibly have an effect on the security of a different
connection. But we have the same situation now in 1.1.0. And I'm still
waiting for people to properly explain whether having it per SSL is
better or not; there at least doesn't seem to be an agreement on that
part.

Kurt

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
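The per-thread, lock-free design discussed in the thread, sketched as an added illustration that is not part of the original message and not OpenSSL's own RAND_DRBG code. It is written in Python rather than C, uses `threading.local` as the per-thread mechanism, and the names `HmacDrbg`, `random_bytes` and `per_thread_instances` are assumptions made here. The generator is a minimal HMAC_DRBG (NIST SP 800-90A, SHA-256); each thread instantiates its own from OS entropy on first use, so `generate()` never touches shared state and needs no lock, and knowledge of one thread's K/V says nothing about another thread's.

```python
import hashlib
import hmac
import os
import threading
from typing import Optional

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes for SHA-256


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A) with SHA-256 (example code, not OpenSSL's).

    One instance per thread: only the owning thread ever reads or writes
    key, value and reseed_counter, so no lock is needed around generate().
    """

    def __init__(self, seed_material: bytes, reseed_interval: int = 1 << 16):
        self.key = b"\x00" * OUTLEN
        self.value = b"\x01" * OUTLEN
        self.reseed_interval = reseed_interval
        self._update(seed_material)
        self.reseed_counter = 1

    def _update(self, provided_data: Optional[bytes]) -> None:
        # HMAC_DRBG_Update: fold provided_data (if any) into K and V.
        data = provided_data or b""
        self.key = hmac.new(self.key, self.value + b"\x00" + data, HASH).digest()
        self.value = hmac.new(self.key, self.value, HASH).digest()
        if provided_data:
            self.key = hmac.new(self.key, self.value + b"\x01" + data, HASH).digest()
            self.value = hmac.new(self.key, self.value, HASH).digest()

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        # Reseed from the OS once the per-instance budget is exhausted.
        if self.reseed_counter > self.reseed_interval:
            self.reseed(os.urandom(OUTLEN))
        out = b""
        while len(out) < n:
            self.value = hmac.new(self.key, self.value, HASH).digest()
            out += self.value
        self._update(None)  # backtracking resistance: old K/V are not recoverable
        self.reseed_counter += 1
        return out[:n]


_local = threading.local()  # holds one HmacDrbg per thread (assumed design)


def _thread_drbg() -> HmacDrbg:
    """Return this thread's DRBG, creating it from OS entropy on first use."""
    drbg = getattr(_local, "drbg", None)
    if drbg is None:
        personalization = str(threading.get_ident()).encode()
        drbg = HmacDrbg(os.urandom(OUTLEN) + personalization)
        _local.drbg = drbg
    return drbg


def random_bytes(n: int) -> bytes:
    """Lock-free random bytes: every call works only on the caller's own state."""
    return _thread_drbg().generate(n)


def per_thread_instances(nthreads: int) -> list:
    """Run nthreads threads and return each thread's DRBG object.

    The objects are returned (not just their ids) so they stay alive and the
    caller can confirm they are all distinct from one another and from the
    calling thread's instance.
    """
    instances = []
    results_lock = threading.Lock()  # guards only the result list, never a DRBG

    def worker():
        random_bytes(16)
        with results_lock:
            instances.append(_thread_drbg())

    threads = [threading.Thread(target=worker) for _ in range(nthreads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return instances


if __name__ == "__main__":
    print(random_bytes(16).hex())
    print(len({id(d) for d in per_thread_instances(4)}), "distinct per-thread DRBGs")
```

The trade-off the thread describes is visible here: each thread reseeds independently from the OS, so the cost is one `os.urandom()` per thread rather than a contended lock per call, and compromise of one thread's working state does not extend to generators owned by other threads.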