Version: 1.1.1-1

On 2001-03-06 12:06:26 [+0100], Robert Bihlmeyer wrote:
> For libssl, /dev/urandom is probably the right default, as it can be
> used in circumstances with a time-security-tradeoff (e.g. webserver).
>
> OTOH, "openssl" has no time constraints, and needs maximum security -
> think: creation of a new CA key. Usage of /dev/random should be an
> option or even the default for Linux[1]. Unfortunately, it's not
> possible to just set RANDFILE to "/dev/random" (via environment or
> config file), because openssl then wants to read the *whole* file ...
> a Sisyphus task.

As of 1.1.1 getrandom() is used and it has its own rng on top of it so I
think we are good here.

Sebastian