[Info-vax] Security, TLS, PRNGs (was: Re: Roadmap)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Jan 2 11:43:31 EST 2019
On 2019-01-02 14:51:01 +0000, John Reagan said:
> Seriously, we've been talking about PRNGs, entropy pools, OpenSSL, etc.
> Having access to the underlying x86 instructions (either as C
> builtins, new MATH$ entry points, enhanced MATH$ entry points, etc.)
> will be a part of that.
One of the referenced instructions:
https://en.wikipedia.org/wiki/RDRAND — feeding that entropy into Yarrow
or Fortuna is likely preferable, though trusting RDRAND will be simpler
to code.
As has been discussed previously, there's LibreSSL/libtls and some
other options in addition to OpenSSL.
http://www.openbsd.org/papers/libtls-fsec-2015/mgp00001.html
Higher-level API and related abstractions are being provided by various
groups. Here is one:
https://developer.apple.com/documentation/security/secure_transport
LibreSSL is another.
I'd expect many folks would prefer to use a higher-level and a
different abstraction than what the OpenSSL APIs offer, though there is
more than a little existing code that already uses those OpenSSL APIs.
--
Pure Personal Opinion | HoffmanLabs LLC
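
Added example, not part of the original post and not VSI or OpenSSL code: a reduced Fortuna-style accumulator in Python, showing what "feeding that entropy into Fortuna" buys over using RDRAND output directly, namely that a second independent source still changes the output when the hardware source is stuck. Assumptions: source 0 is a stand-in for RDRAND words (Python cannot issue the instruction), SHA-256 in counter mode replaces Fortuna's AES-256-CTR generator, the 100 ms reseed rate limit is omitted, and `FortunaLike` and `demo` are hypothetical names.

```python
import hashlib

def sha_d(data: bytes) -> bytes:  # double SHA-256, as Fortuna uses for pools and keys
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

class FortunaLike:
    NUM_POOLS, MIN_POOL0 = 32, 64    # reseed once pool 0 holds 64 bytes
    def __init__(self):
        self.pools = [b""] * self.NUM_POOLS
        self.pool0_len = self.reseeds = self.counter = 0
        self.next_pool, self.key = {}, bytes(32)   # per-source round-robin index

    def add_event(self, source_id: int, data: bytes) -> None:
        if not 1 <= len(data) <= 32 or not 0 <= source_id <= 255:
            raise ValueError("events are 1..32 bytes, source ids 0..255")
        i = self.next_pool.get(source_id, 0)
        self.pools[i] += bytes([source_id, len(data)]) + data
        self.pool0_len += len(data) if i == 0 else 0
        self.next_pool[source_id] = (i + 1) % self.NUM_POOLS

    def reseed(self) -> list:
        # Pool i is used only on every 2**i-th reseed, so slow pools gather more input.
        self.reseeds += 1
        used = [i for i in range(self.NUM_POOLS) if self.reseeds % (1 << i) == 0]
        seed = b"".join(sha_d(self.pools[i]) for i in used)
        self.pools = [b"" if i in used else p for i, p in enumerate(self.pools)]
        self.pool0_len = 0
        self.key = sha_d(self.key + seed)
        self.counter += 1
        return used

    def random(self, n: int) -> bytes:
        if self.pool0_len >= self.MIN_POOL0:
            self.reseed()
        if self.counter == 0:
            raise RuntimeError("generator not seeded yet")
        out = b""
        while len(out) < n + 32:     # the extra 32 bytes become the next key
            out += hashlib.sha256(self.key + self.counter.to_bytes(16, "little")).digest()
            self.counter += 1
        self.key = out[n:n + 32]
        return out[:n]

def demo(hw_word: bytes, other: bytes, rounds: int = 256) -> bytes:
    g = FortunaLike()
    for _ in range(rounds):
        g.add_event(0, hw_word)      # source 0: stands in for an RDRAND word
        g.add_event(1, other)        # source 1: an independent source
    return g.random(16)
```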