[Ach] Fwd: Bug/Ba in OpenSSL

ianG iang at iang.org
Mon Nov 25 17:29:59 CET 2013

On 25/11/13 10:35 AM, Klaus Darilion wrote:
> On 25.11.2013 04:36, Aaron Zauner wrote:
>> I'm not aware of any projects or code that is using this random number
>> generator of the FIPS module in OpenSSL. There is a lot of unused but
>> still implemented code in OpenSSL. I might be wrong, if so please
>> provide details.
>> BTW. Matt Green wrote an insteresting blog post about this RNG:
>> http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
> Maybe it would be useful to add some words about random generators too.
> E.g. practical advices to get good random generators and lots of entropy
> if you need to generate lots of key materials (e.g. tools like entropy
> tokens, haveged, ...)

Typically, when it comes to RNGs, tools should use the default 
available, and mucking around with options isn't advisable.

If we look at the problems we've had with RNGs, they've been mostly 
unfixable at the user level.  From memory, early Java, Android, Debian.

The counterpoint is DUAL_EC, as it was a default engineered by the NSA's 
finest, and recommended by RSA because "our technology is backed by 
highly regarded cryptographic experts."  Unlike open source, they say :) 
  So we could have fixed it, but only by going against the best advice 
available.  Not really helpful as a strategy for the future, if you get 
my drift...

In short:  use it as it is setup, or write your own.  There isn't a lot 
of middle ground.


More information about the Ach mailing list