The cr.yp.to microblog: 2013.01.11 22:41:02

2013.01.11 22:41:02 (289849422366523393) from Daniel J. Bernstein, replying to "CodesInChaos (@CodesInChaos)" (289799100310892544):

OpenSSL shouldn't be managing its own PRNG; it should be asking the OS. (In a VM the OS should ask the hypervisor.) @CodesInChaos

Context

2013.01.11 19:11:24 (289796667077701632) from Daniel J. Bernstein:

Intel says that RDRAND is meant to "feed entropy directly to the register space of the running application". Huge design mistake.

2013.01.11 19:21:04 (289799100310892544) from "CodesInChaos (@CodesInChaos)":

@hashbreaker I don't think so. The OS can seed /dev/(u)random with it, and libraries like OpenSSL can seed their PRNG directly.