Like I said in the post I just made, I see zero problems with having that requirement on systems that can support it. I don't see why we must lower the bar for *everyone* just because we currently need to do so for VMS....
Cheers, Richard In message <[email protected]> on Sat, 7 Apr 2018 14:15:51 +0000, "Salz, Rich" <[email protected]> said: rsalz> I would like to see this put on hold until we fix the ‘now requires 50% more random seeding’ issue. rsalz> rsalz> What should I do to force that issue? rsalz> rsalz> From: Richard Levitte <[email protected]> rsalz> Reply-To: openssl/openssl rsalz> <reply+006fe294b88b1b00f712afbd9c8b598fbacf36e3d1ffef7092cf0000000116e06f2192a169ce129bc...@reply.github.com> rsalz> rsalz> Date: Saturday, April 7, 2018 at 7:36 AM rsalz> To: openssl/openssl <[email protected]> rsalz> Cc: Subscribed <[email protected]> rsalz> Subject: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904) rsalz> rsalz> Currently, the VMS version of rand_pool_acquire_entropy() delivers 256 rsalz> bits of entropy. The DRBG using AES-256-CTR and wanting 50% extra rsalz> bits for the nonce demands 384 bits of entropy. Obviously, this makes rsalz> anything random related to fail on VMS. rsalz> rsalz> The solution for now, until we get the VMS rand_pool_acquire_entropy() rsalz> to deliver more entropy, is to lower the bar for VMS specifically, rsalz> i.e. making the default scrambling cipher AES-128-CTR instead of rsalz> AES-256-CTR. rsalz> rsalz> Fixes #5849 rsalz> rsalz> --------------------------------------------------------------------------------------------------- rsalz> rsalz> You can view, comment on, or merge this pull request online at: rsalz> rsalz> https://github.com/openssl/openssl/pull/5904 rsalz> rsalz> Commit Summary rsalz> rsalz> * VMS: lower the entropy demand for this platform specifically rsalz> rsalz> File Changes rsalz> rsalz> * M include/openssl/rand_drbg.h (10) rsalz> rsalz> Patch Links: rsalz> rsalz> * https://github.com/openssl/openssl/pull/5904.patch rsalz> rsalz> * https://github.com/openssl/openssl/pull/5904.diff rsalz> rsalz> ― rsalz> You are receiving this because you are subscribed to this thread. rsalz> Reply to this email directly, view it on GitHub, or mute the thread. rsalz> _______________________________________________ openssl-project mailing list [email protected] https://mta.openssl.org/mailman/listinfo/openssl-project
