[Ach] Random number generators (was Bug/Ba in OpenSSL)

Adi Kriegisch adi at kriegisch.at
Tue Nov 26 13:28:50 CET 2013


Hi!

> I still don’t think that we should recommend switching to other RNGs than those provided by the OS. If we do so, please cite why one should do that.
Actually we're talking about two things here: HAVEGE and haveged: HAVEGE is
an algorithm and haveged is a Linux/UNIX daemon that injects its entropy
into the Linux/UNIX entropy pool.
Switching from /dev/(u)random to something else is ridiculous as a recommendation
for our paper. The question is whether it makes sense to suggest using
haveged as an additional source of entropy on a server. (btw. I checked KVM
and XEN on a recent Debian for availability of RDRTC in guests and both of
them implement that function and *do NOT* just return 0 or 1, so there
should be at least some entropy coming out of haveged...)

-- Adi