[guardian-dev] using /dev/random in openssl
daniel at binaryparadox.net
Thu Mar 27 23:31:41 EDT 2014
On 27/03, Hans-Christoph Steiner wrote:
> Anyone have any opinions about generating keys with openssl using /dev/random
> on GNU/Linux? i.e.
> openssl genrsa -out key.pem -rand /dev/random 2048
> I figure there had been many flaws related to poorly seeded and implemented
> CSPRNGs that might as well just use pure random. Sure, it takes a lot longer,
> but it's only once.
Seems like a good idea to avoid userland csprngs in favour of the OS
csprng. That's what Google recommends on Android too.
For what it's worth some folks think that /dev/urandom is a better choice.