[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Florian Weimer
fw at deneb.enyo.de
Wed Mar 19 20:33:10 UTC 2014
* Thorsten Glaser:
>>Historically, the OpenSSL command line tools have been intended for
>>debugging only.
>
> I disagree,
It's what I was told by the OpenSSL developers.
> Also, what do other tools (that do not invoke openssl(1)
> unlike most of these I saw, which were shell wrappers
> around it) do, entropy-wise?
There are different choices. Some use more bits from /dev/urandom,
some even block on /dev/random. The latter is quite problematic for
non-interactive key generation during package isntallation.
More information about the Pkg-openssl-devel
mailing list