[Cryptography-dev] OpenSSL Random Engine PR

Laurens Van Houtven _ at lvh.io
Mon Jan 20 23:05:06 CET 2014


On Mon, Jan 20, 2014 at 10:30 PM, Jean-Paul Calderone <
jean-paul at hybridcluster.com> wrote:

> On 01/20/2014 03:54 PM, Laurens Van Houtven wrote:
> > On phone, so brief, but: no.
>
> It's email... We can wait for you to get off the phone so you can type a
> complete response. :)
>

Okay. The complete version isn't much longer. They're both just CSPRNGs;
entropy starving can occur on both of them, but shouldn't in most cases for
servers like you outlined (although it's gotten more probable now that
spinning rust is getting rarer and rarer). There is at least no reason to
assume that using the OpenSSL userspace one will lead to better results
than using the urandom CSPRNG; otherwise the kernelspace one would just do
that of course ;-)

The main argument against the OpenSSL one is that it is *way* easier to
screw it up, and the failure cases are typically catastrophic (like same
CSPRNG state...).

The only counterargument that I've heard is that using urandom might leak
to some people who already have local code execution (on the same logical
machine) how much entropy you're using. That's true, but AFAIK that has
never been turned into anything remotely threatening.

So, yeah, just use urandom/CryptGenRandom.

lvh
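
The "same CSPRNG state" failure mentioned above, as an added illustration that is not part of the original message: a toy hash-based userspace generator (the hypothetical `ToyUserspaceDRBG`, not OpenSSL's RAND code) has its state duplicated by `fork()`, while `os.urandom` asks the kernel on every call. It assumes a POSIX system where `os.fork` is available.

```python
import hashlib
import os


class ToyUserspaceDRBG:
    """Hypothetical hash-chain generator: seeded once, state kept in process memory."""

    def __init__(self, seed: bytes):
        self._state = hashlib.sha256(b"seed" + seed).digest()

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self._state).digest()
            # Ratchet the state so earlier outputs cannot be recomputed from it.
            self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]


def draw_in_parent_and_child(draw, n=16):
    """Fork, call draw(n) in both processes, return (parent_bytes, child_bytes)."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: its memory, generator state included, is a copy of the parent's
        os.close(read_fd)
        os.write(write_fd, draw(n))
        os._exit(0)
    os.close(write_fd)
    parent_bytes = draw(n)
    with os.fdopen(read_fd, "rb") as pipe:
        child_bytes = pipe.read()
    os.waitpid(pid, 0)
    return parent_bytes, child_bytes


def demo():
    drbg = ToyUserspaceDRBG(os.urandom(32))  # well seeded, but only once, before the fork
    userspace = draw_in_parent_and_child(drbg.random_bytes)
    kernel = draw_in_parent_and_child(os.urandom)
    return userspace, kernel


if __name__ == "__main__":
    (up, uc), (kp, kc) = demo()
    print("userspace parent/child identical:", up == uc)
    print("os.urandom parent/child identical:", kp == kc)
```

A userspace generator only avoids this if it detects the fork and reseeds, which is one more thing the application has to get right.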