In message <8c39cdf4-a91e-4dfb-be67-6799e07d3...@akamai.com> on Tue, 3 Apr 2018 16:58:17 +0000, "Salz, Rich" <rs...@akamai.com> said:

rsalz> > Please note that that 50% extra is only used for
rsalz> > instantiating the DRBG. On reseed it only uses 256
rsalz> > bits.

Instantiating is exactly the problem.  The VMS
rand_pool_acquire_entropy() currently generates 256 bits of entropy on
each call.  No more, no less.  And that's at an estimated 4 bits of
entropy per byte, an estimation that's from long ago.

Either way, because instantiation demands more than 256 bits, the
whole RNG breaks down, and everything related to it in some way along
with it.  In other words, OpenSSL on VMS dies.

rsalz> True. And now we're finding that VMS won't work. And I bet
rsalz> there are other systems that will also find this amount
rsalz> excessive.

I'm thinking that for any platform that can support that, I don't see
a problem, at all.

So the current short term solution for this is to simply default to
AES-128-CTR instead of AES-256-CTR, specifically on VMS, which is
currently sitting in PR#5904.  It seems like the option to make
everyone happy, and everyone ends up with a better randomness
implementation either way (compared to OpenSSL 1.1.0 and older).

In the meantime, I've spent a few days going through the docs on all
kinds of data that you can get out from the VMS kernel, most notably
through a system service called sys$getrmi()...  there's a gazillion
data points, a treasure trove for anyone that's into statistics.  And
I intend to spend some time trying to estimate what kind of entropy I
can get out of them...

... and that's where Kurt came in:

> Can I suggest you try something like
> https://github.com/usnistgov/SP800-90B_EntropyAssessment to at least
> get an idea? You would need to sample 1 variable and feed that into
> it.

And yeah, sure, especially if all it takes is to produce a stream of
bits from a source and feed that to the assessment program.
As long as I don't have to port a C++11 program to VMS, 'cause
unfortunately, the existing C++ compiler hasn't had a real update for
quite a while :-/ (I'm sure that VSI is quite busy updating all they
can, but they haven't let anything out yet)

But either way, creating a better entropy gatherer is the longer term
goal.  I hope I get that part done before the release.

Cheers,
Richard

-- 
Richard Levitte         levi...@openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
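
The shortfall described in this message, together with the kind of per-sample estimate Kurt suggests, as an added example (not part of the original message, of OpenSSL, or of the NIST tool). It assumes the instantiation demand is the cipher's key size plus the 50% mentioned in the thread, uses the SP 800-90B most-common-value estimator on a constructed sample, and every function name in it is hypothetical.

```python
import math
from collections import Counter

Z_995 = 2.576  # z-value SP 800-90B uses for the upper confidence bound on p


def mcv_min_entropy(samples):
    """Most-common-value estimate (SP 800-90B 6.3.1), in bits per sample."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p_hat + Z_995 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return 0.0 if p_upper >= 1.0 else -math.log2(p_upper)


def instantiate_bits(strength_bits):
    """Assumption: instantiation demands the security strength plus 50%."""
    return strength_bits + strength_bits // 2


def pool_satisfies(pool_bytes, bits_per_byte, strength_bits):
    """True if the credited entropy covers instantiation at this strength."""
    return pool_bytes * bits_per_byte >= instantiate_bits(strength_bits)


def bytes_needed(strength_bits, bits_per_byte):
    """Bytes to gather so the credited entropy reaches the requirement."""
    if bits_per_byte <= 0:
        raise ValueError("source credited with no entropy")
    return math.ceil(instantiate_bits(strength_bits) / bits_per_byte)


# Constructed sample: 4096 readings of one variable, 16 equally frequent values.
# MCV looks only at value frequencies; a full assessment runs further
# estimators and keeps the lowest result.
SAMPLE = [(i * 37) % 16 for i in range(4096)]

if __name__ == "__main__":
    # 64 bytes credited at 4 bits/byte is the 256 bits the message describes.
    print(pool_satisfies(64, 4, 256), pool_satisfies(64, 4, 128))
    h = mcv_min_entropy(SAMPLE)
    print(round(h, 2), bytes_needed(256, h), bytes_needed(128, h))
```

Even sixteen perfectly balanced values are credited with slightly less than 4 bits per sample because of the confidence bound, so a measured source needs more bytes than the nominal 4 bits per byte figure implies.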