Like I said in the post I just made, I see zero problems with having
that requirement on systems that can support it.  I don't see why we
must lower the bar for *everyone* just because we currently need to do
so for VMS....

Cheers,
Richard

In message <116a311c-48b3-4181-9e68-b2fcc8d2d...@akamai.com> on Sat, 7 Apr 2018 
14:15:51 +0000, "Salz, Rich" <rs...@akamai.com> said:

rsalz> I would like to see this put on hold until we fix the ‘now requires 50% 
more random seeding’ issue.
rsalz> 
rsalz> What should I do to force that issue?
rsalz> 
rsalz> From: Richard Levitte <notificati...@github.com>
rsalz> Reply-To: openssl/openssl
rsalz> 
<reply+006fe294b88b1b00f712afbd9c8b598fbacf36e3d1ffef7092cf0000000116e06f2192a169ce129bc...@reply.github.com>
rsalz> 
rsalz> Date: Saturday, April 7, 2018 at 7:36 AM
rsalz> To: openssl/openssl <open...@noreply.github.com>
rsalz> Cc: Subscribed <subscri...@noreply.github.com>
rsalz> Subject: [openssl/openssl] VMS: lower the entropy demand for this 
platform specifically (#5904)
rsalz> 
rsalz> Currently, the VMS version of rand_pool_acquire_entropy() delivers 256
rsalz> bits of entropy. The DRBG using AES-256-CTR and wanting 50% extra
rsalz> bits for the nonce demands 384 bits of entropy. Obviously, this makes
rsalz> anything random related to fail on VMS.
rsalz> 
rsalz> The solution for now, until we get the VMS rand_pool_acquire_entropy()
rsalz> to deliver more entropy, is to lower the bar for VMS specifically,
rsalz> i.e. making the default scrambling cipher AES-128-CTR instead of
rsalz> AES-256-CTR.
rsalz> 
rsalz> Fixes #5849
rsalz> 
rsalz> 
---------------------------------------------------------------------------------------------------
rsalz> 
rsalz> You can view, comment on, or merge this pull request online at:
rsalz> 
rsalz> https://github.com/openssl/openssl/pull/5904
rsalz> 
rsalz> Commit Summary
rsalz> 
rsalz> * VMS: lower the entropy demand for this platform specifically
rsalz> 
rsalz> File Changes
rsalz> 
rsalz> * M include/openssl/rand_drbg.h (10)
rsalz> 
rsalz> Patch Links:
rsalz> 
rsalz> * https://github.com/openssl/openssl/pull/5904.patch
rsalz> 
rsalz> * https://github.com/openssl/openssl/pull/5904.diff
rsalz> 
rsalz> ―
rsalz> You are receiving this because you are subscribed to this thread.
rsalz> Reply to this email directly, view it on GitHub, or mute the thread.
rsalz> 
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Reply via email to