RDRAND used directly when default engines loaded in openssl-1.0.1-beta1 through openssl-1.0.1e
coderman
coderman at gmail.com
Fri Dec 20 04:32:33 PST 2013
On Mon, Dec 16, 2013 at 7:27 PM, coderman <coderman at gmail.com> wrote:
> ...
> "what is affected??"
fortunately impacts are less than anticipated!
nickm devised most concise fix: RAND_set_rand_method(RAND_SSLeay());
always after ENGINE_load_builtin_engines().
https://gitweb.torproject.org/tor.git/commitdiff/7b87003957530427eadce36ed03b4645b481a335
---
full write up is here including a BADRAND engine patch for testing:
https://peertech.org/goodrand
---
last but not least, notable omissions on NSA role in reqs for random
number sources in Appendix E: US Government Role in Current Encryption
Standards.:
http://cryptome.org/2013/12/nsa-usg-crypto-role.pdf
can we get a do-over?
More information about the cypherpunks
mailing list