These seem like really good mitigations to make a userland RNG safe. But makes me wonder why they don’t just use a kernel RNG. https://aws.amazon.com/blogs/opensource/better-random-number-generation-for-openssl-libc-and-linux-mainline/ …
Replying to @matthew_d_green
Reason 1: speed, we (and OpenSSL, BoringSSL, etc ...) have per-thread RNGs to avoid lock contention (either in user-space or the kernel). Matters most for per-record explicit IVs and hello messages. Recent improvements in Linux and libc perf should fix this.
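The per-thread design in the reply above, as an added illustration (this is not s2n, OpenSSL or BoringSSL code): every thread keeps its own buffer of bytes drawn from the kernel RNG, so small draws such as per-record IVs never touch a shared lock, while the kernel remains the only entropy source. The pool size, the `refills` counter and the PID-based fork check are assumptions made for the example.

```python
import os
import threading

# Added example, not code from the thread's participants or their projects.
# Design: thread-local byte pool filled from the kernel RNG (os.urandom), so
# the hot path for small draws (e.g. 12-byte per-record IVs) is lock-free.

POOL_SIZE = 4096  # assumption: refill granularity chosen for the example


class PerThreadRandom:
    """Thread-local buffer over the kernel RNG."""

    def __init__(self, pool_size=POOL_SIZE):
        self._pool_size = pool_size
        self._local = threading.local()
        self.refills = 0  # demo counter only; the lock below guards just this counter
        self._counter_lock = threading.Lock()

    def _state(self):
        st = self._local
        # Refill when this thread has no pool yet, the pool is empty, or the
        # process forked since the pool was filled (a child must never replay
        # bytes the parent's pool already holds).
        if getattr(st, "pid", None) != os.getpid() or not st.buf:
            st.buf = bytearray(os.urandom(self._pool_size))
            st.pid = os.getpid()
            with self._counter_lock:
                self.refills += 1
        return st

    def random_bytes(self, n):
        """Return n random bytes, draining the thread's pool and refilling as needed."""
        out = bytearray()
        while n > 0:
            st = self._state()
            take = min(n, len(st.buf))
            out += st.buf[:take]
            del st.buf[:take]
            n -= take
        return bytes(out)


def draw_ivs_in_threads(rng, n_threads=8, ivs_per_thread=16, iv_len=12):
    """Have several threads draw explicit IVs concurrently; return all IVs drawn."""
    results = []
    results_lock = threading.Lock()

    def worker():
        ivs = [rng.random_bytes(iv_len) for _ in range(ivs_per_thread)]
        with results_lock:
            results.extend(ivs)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    rng = PerThreadRandom()
    ivs = draw_ivs_in_threads(rng)
    print(len(ivs), "IVs drawn,", len(set(ivs)), "distinct,", rng.refills, "kernel refills")
```

Each thread pays for exactly one `os.urandom` call per 4096 bytes drawn; with 8 threads drawing 16 IVs each the run above reports 8 refills, one per thread, and no thread ever blocks on another's draw.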
Replying to @colmmacc @matthew_d_green
Reason 2: In-kernel RNGs have been their own poorly audited moving target, getting better though!
Replying to @colmmacc @matthew_d_green
Reason 3: We use OpenSSL/BoringSSL libcrypto for some operations, and wanted to override its internal RNG with something we understood. Glad we're converging now!