On 11/16/2012 3:36 AM, Jeffrey Walton wrote:
> ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gatherers, such as EDG, don't account for the latter. It's best to take the bull by the horns and do it yourself. At minimum, you need to call RAND_add() with entropy external to /dev/{u}rand.
Would you care to elaborate on the following points:

1. What do you mean by "rollback"?
2. What RNG/PRNG are you referring to as "EDG"?
3. What exactly makes /dev/{u,}random in current (not ancient) Linux kernels insecure given an appropriate supply of entropy?

Note that the two papers you cite on the Linux kernel PRNG are:

I. A 6 year old document, presumably not applicable to the code in current kernel versions.
II. A document about the consequences of using any PRNG without sufficient entropy input, with the Linux kernel PRNG as a common example. This would presumably be irrelevant if feeding the kernel plenty of external entropy, e.g. by getting it from a hardware RNG hooked up to a trusted server (under your own control of course).

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org