Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
In message <20180407190250.ga27...@roeckx.be> on Sat, 7 Apr 2018 21:02:51 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 06:49:50PM +0200, Richard Levitte wrote: kurt> > H... case 4 shouldn't pose too much problems unless you restart kurt> > the application more

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
In message <20180407185034.ga25...@roeckx.be> on Sat, 7 Apr 2018 20:50:35 +0200, Kurt Roeckx said: kurt> > In going from 1.1.0 to 1.1.1, breaking platforms that used to kurt> > work is just plain wrong. kurt> kurt> So then I suggest we support the syscalls on all platforms that

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 05:55:14PM +, Salz, Rich wrote: > > Because > > - It is not clear we need to do so > > >That we need to do what? > > Do FIPS compliant random numbers in this release. We will never have that in any release by default, like I already stated a

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407174527.gc20...@roeckx.be> on Sat, 7 Apr 2018 19:45:28 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: kurt> > In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 +0200, Kurt Roeckx

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: > In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 > +0200, Kurt Roeckx said: > > kurt> On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > kurt> > > Can I suggest you try

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 06:49:50PM +0200, Richard Levitte wrote: > In message <20180407154649.ga12...@roeckx.be> on Sat, 7 Apr 2018 17:46:50 > +0200, Kurt Roeckx said: > > kurt> | For case 2 above, the timestamp must be trusted. A trusted > kurt> | timestamp is generated and

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 04:48:51PM +, Salz, Rich wrote: > >Like I said in the post I just made, I see zero problems with having > that requirement on systems that can support it. I don't see why we > must lower the bar for *everyone* just because we currently need to do > so

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Salz, Rich
>NIST SP800-90A rev1 section 8.6.7 has: Compliance with this was never a stated goal of this release. So not relevant. ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: kurt> > > Can I suggest you try something like kurt> > >

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
In message <20180407154649.ga12...@roeckx.be> on Sat, 7 Apr 2018 17:46:50 +0200, Kurt Roeckx said: kurt> On Sat, Apr 07, 2018 at 02:15:51PM +, Salz, Rich wrote: kurt> > I would like to see this put on hold until we fix the ‘now requires 50% more random seeding’ issue. kurt>

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Salz, Rich
>Like I said in the post I just made, I see zero problems with having that requirement on systems that can support it. I don't see why we must lower the bar for *everyone* just because we currently need to do so for VMS Because - It is not clear we need to do so

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: > > Can I suggest you try something like > > https://github.com/usnistgov/SP800-90B_EntropyAssessment to at least > > get an idea? You would need to sample 1 variable and feed that into > > it. > > And yeah, sure, especially if all

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
Like I said in the post I just made, I see zero problems with having that requirement on systems that can support it. I don't see why we must lower the bar for *everyone* just because we currently need to do so for VMS Cheers, Richard In message

[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Salz, Rich
I would like to see this put on hold until we fix the ‘now requires 50% more random seeding’ issue. What should I do to force that issue? From: Richard Levitte Reply-To: openssl/openssl

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

2018-04-07 Thread Richard Levitte
In message <20180406170540.gk80...@mit.edu> on Fri, 6 Apr 2018 12:05:43 -0500, Benjamin Kaduk said: kaduk> On Fri, Apr 06, 2018 at 04:23:02PM +0200, Andy Polyakov wrote: kaduk> > > This is one reason why keeping around old assembly code can have a cost. :( kaduk> > > kaduk> > >