rsalz> >    Yes, after what I all said previously, it's clear the code could
rsalz>     use improvements. I think at least Matthias and I assumed the code
rsalz>     about the minimum size was correct and that there was a minimum
rsalz>     requirement of 128 bit.
rsalz> My expectation was that the *maximum* would also be 128 bits.

Not sure what you're saying there.  If the entropy acquisition
routine is overenthusiastic and delivers 277 bits of entropy, are
you saying it shouldn't be allowed to?

rsalz> I deliberately stayed away from all RAND stuff after the
rsalz> initial PR, because I didn't want to step on anyone else's toes
rsalz> and "hog" the work.  I knew others (including Kurt) were very
rsalz> interested in this.
rsalz> Who is going to ensure that we improve the code?

All things considered, I think "we" will.  There seems to be enough
discussion going on among interested parties, and it does sound like
we want to find a common ground.


Richard Levitte
OpenSSL Project
