[Ach] Random number generators (was Bug/Ba in OpenSSL)

Aaron Zauner azet at azet.org
Tue Nov 26 15:54:16 CET 2013

On 26 Nov 2013, at 15:49, Ralf Schlatterbeck <rsc at runtux.com> wrote:
> I think for embedded devices it definitely makes sense to run haveged
> for getting more entropy. Sad fact is that OpenSSL doesn't seem to be
> configurable to use /dev/random instead of /dev/urandom, otherwise I'd
> recommend that too, at least for embedded devices.

Configuring OpenSSL to use /dev/random on embedded devices would render OpenSSL useless and any service that relies on it. Just do a cat on random to see that there will almost nothing coming out of /dev/random on embedded devices. _This_is_a_blocking_operation_.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131126/e894348b/attachment.sig>

More information about the Ach mailing list