On Tue, Apr 03, 2018 at 12:52:50PM +0000, Salz, Rich wrote:
> I had not realized that we just increased the “entropy” requirements by 50%,
> from 256 to 384. The original DRBG submission that I did only required 128
> bits. I think that is wrong, and I think the PR that did it (#5503) should
> be reverted.
>
> I am concerned that we are trying to meet requirements that we really don’t
> have. The original code was a huge improvement.
>
> Requiring 384 bits of random seed is silly. I think it is ridiculous. One
> way or another we HAVE to fix that before the release.

Please note that that 50% extra is only used for instantiating the DRBG.
On reseed it only uses 256 bits.

There is an alternative to that 50% extra, but it's not making sense to me.

The 1.1.0 version also used 256 bits.

Kurt

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project