> Please note that that 50% extra is only used for instantiating the
DRBG. On reseed we it only uses 256 bits.
True. And now we're finding that VMS won't work. And I bet there are other
systems that will also find this amount excessive.
> There is an alternative to that 50% extra, but it's not making
sense to me.
Shrug.
> The 1.1.0 version also used 256 bit.
The 1.1.0 code was pre-DRBG and was a piece of crap. Using AES/DRBG is
stronger, better, and for the normal case 128 bits is enough.
_______________________________________________
openssl-project mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-project
