[Ach] Bug/Ba in OpenSSL

L. Aaron Kaplan kaplan at cert.at
Mon Nov 25 10:54:47 CET 2013


On Nov 25, 2013, at 8:35 AM, Klaus Darilion <klaus.darilion at nic.at> wrote:

> 
> On 25.11.2013 04:36, Aaron Zauner wrote:
>> I'm not aware of any projects or code that is using this random number generator of the FIPS module in OpenSSL. There is a lot of unused but still implemented code in OpenSSL. I might be wrong, if so please provide details.
>> 
>> BTW. Matt Green wrote an interesting blog post about this RNG: http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
> 
> 
> Maybe it would be useful to add some words about random generators too. E.g. practical advice to get good random generators and lots of entropy if you need to generate lots of key material (e.g. tools like entropy tokens, haveged, ...)
> 

Absolutely, agreed!
In the latest version of the document (see the web-page), section 7 "Random Number Generators" has a big "TODO: still write this section" there :)

a.



--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, Salzburg Regional Court



