- From: Glenn Maynard <glenn@zewt.org>
- Date: Mon, 14 Feb 2011 18:36:31 -0500
On Mon, Feb 14, 2011 at 5:46 PM, Shabsi Walfish <shabsi at google.com> wrote:
> This depends on what you consider to be the basic use case. Generating
> long-lived cryptographic keys absolutely requires high quality entropy... if
> you are only generating short-lived authenticators (that are not used for
> encryption) then you could get away with weaker entropy. You will get the
> most mileage out of this feature if it can be used to generate encryption
> keys, or long-lived signing keys.

OpenSSL gets randomness for generating keys by reading /dev/urandom. It doesn't seem to do any other tricks, like reading /proc/sys/kernel/random/entropy_avail. That at least suggests it's sufficient for securely generating keys, without more complex APIs like exposing the amount of entropy that was available.

--
Glenn Maynard
Received on Monday, 14 February 2011 15:36:31 UTC