
Re: Re: Hardened OpenSSL fork



On Tue, 29 Apr 2014, Steven Chamberlain wrote:

> On Mon, 28 Apr 2014 16:52:10 +0000 (UTC), Thorsten Glaser wrote:
> > For their OpenSSL fork, specifically, they rely on some system
> > properties such as their RNG’s behaviour way too much [...]
> 
> I would think Linux and FreeBSD have much better PRNGs now than what has
> been done until now in OpenSSL.

No, not exactly. Linux’ /dev/urandom is way too small, it has only
512 bits of state, which makes all sorts of people object to code
reading more than 8/16 or at best 32 bytes out of it for any given
application.

> not trustworthy, OpenSSL is resorting to mixing in uninitialised blocks
> of memory, the time, private key exponents, digests, in one case a
> structure returned by stat()

It also adds 32 bytes from /dev/urandom (see #742145 where I find
that a bit few, but given the above it’s reasonable), and from
~/.rnd or another randfile (not any more in LibreSSL).

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"
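The message above mentions OpenSSL pulling 32 bytes from /dev/urandom as one of its seed sources. The following is an added example, not code from the list, from OpenSSL or from LibreSSL, showing what a correct 32-byte read from /dev/urandom has to handle: read(2) on a character device may return fewer bytes than requested or be interrupted by a signal, so a single unchecked read can silently leave part of the seed buffer untouched. The function names read_urandom and buffer_nonzero are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf[0..len) from /dev/urandom.  Returns 0 on success, -1 on failure.
 * The loop matters: read(2) may return fewer bytes than asked for, and may
 * be interrupted by a signal (EINTR); both cases are retried here. */
int read_urandom(unsigned char *buf, size_t len)
{
    int fd;
    size_t got = 0;

    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (n == 0) {           /* EOF from a random device: treat as failure */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Return 1 if the buffer contains at least one non-zero byte.  A cheap
 * sanity check against a read that reported success but filled nothing;
 * an all-zero 32-byte output from a working RNG is astronomically unlikely. */
int buffer_nonzero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc != 0;
}

int main(void)
{
    unsigned char seed[32];     /* the 32-byte read the message refers to */

    memset(seed, 0, sizeof seed);
    if (read_urandom(seed, sizeof seed) != 0) {
        perror("read_urandom");
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```

The zero-length case returns success without touching the device, and any failure path closes the descriptor before returning, so the caller can treat a non-zero return as "no usable seed material" rather than guessing how much of the buffer was filled.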

