Andrew Ayer


LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]

Comment by Reader David Johnston

Posted in reply to Comment by Andrew Ayer.

This comment is owned by whoever posted it. I am not responsible for it in any way.

A library RNG should probably accept its place in the universe as a thing that will get forked and, rather than trying to second-guess the system, it should instead either mix in new entropy on every call or direct the programmer to use more effective resources (operating system RNG service, instruction set RNG, etc.).

I don't think a linkable library is really the right place for an RNG. It's fine for providing a conservative way to access system entropy, but not fine for operating in isolation as a CSPRNG.

| Posted on 2014-07-16 at 22:48:06 UTC by Reader David Johnston | Parent | Reply to This
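The failure mode the comment is describing, and the two remedies it proposes, can be checked directly. The following C program is an added illustration written for this page; it is not code from the post, from LibreSSL, or from the commenter. It seeds a toy userland generator (a xorshift64* state living in process memory, an assumed stand-in for any library PRNG), forks, and compares what parent and child produce. The same harness is then run with a generator that mixes fresh OS entropy into the state on every call, and with one that simply returns OS entropy. It assumes a POSIX system with `/dev/urandom`; on modern Linux `getrandom(2)` is the preferable call and would drop in the same place.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Read 64 bits from the operating system's RNG service.
   /dev/urandom is assumed here; getrandom(2) is the better choice on Linux. */
static uint64_t os_random64(void)
{
    uint64_t v = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&v, sizeof v, 1, f) != 1) {
        if (f != NULL)
            fclose(f);
        abort();
    }
    fclose(f);
    return v;
}

/* Toy userland PRNG (xorshift64*). Its whole state is this one word,
   which fork() duplicates into the child along with the rest of memory. */
static uint64_t toy_state;

static void toy_seed(void)
{
    toy_state = os_random64() | 1;        /* xorshift must never be all-zero */
}

static uint64_t toy_next(void)
{
    uint64_t x = toy_state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    toy_state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Generator 1: the library PRNG used as-is after fork(). */
static uint64_t toy_gen(void)
{
    return toy_next();
}

/* Generator 2: the commenter's first remedy, new OS entropy mixed into the
   state on every call, so two copies of the state diverge immediately. */
static uint64_t mixed_gen(void)
{
    toy_state ^= os_random64();
    if (toy_state == 0)
        toy_state = 1;
    return toy_next();
}

/* Generator 3: the commenter's second remedy, just use the OS RNG. */
static uint64_t os_gen(void)
{
    return os_random64();
}

/* Seed before forking (as a long-running daemon would), then fork and draw
   one value on each side. Returns 1 if parent and child produced the same
   value, 0 if they differ, -1 on a harness error. */
static int outputs_collide_after_fork(uint64_t (*gen)(void))
{
    int fd[2];
    if (pipe(fd) != 0)
        return -1;
    toy_seed();
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        uint64_t v = gen();
        close(fd[0]);
        if (write(fd[1], &v, sizeof v) != (ssize_t)sizeof v)
            _exit(1);
        _exit(0);
    }
    close(fd[1]);
    uint64_t parent_v = gen();
    uint64_t child_v = 0;
    ssize_t n = read(fd[0], &child_v, sizeof child_v);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_v)
        return -1;
    return parent_v == child_v;
}

int main(void)
{
    printf("library PRNG, no fork handling : collide=%d\n", outputs_collide_after_fork(toy_gen));
    printf("OS entropy mixed in each call  : collide=%d\n", outputs_collide_after_fork(mixed_gen));
    printf("OS RNG used directly           : collide=%d\n", outputs_collide_after_fork(os_gen));
    return 0;
}
```

Run as-is, the first line reports a collision (parent and child emit the identical value) and the other two do not. Neither remedy tries to detect the fork, which is the point of the comment: a PID check or a fork hook can be bypassed or forgotten, whereas pulling from the OS on every call leaves nothing in process memory for `fork()` to duplicate.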
