Message 213769 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Jeffrey.Walton
Recipients	Jeffrey.Walton
Date	2014-03-16.22:43:42
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1395009823.06.0.12513934029.issue20952@psf.upfronthosting.co.za>
In-reply-to

Content
Some versions of OpenSSL use the RDRAND engine by default. The versions include openssl-1.0.1-beta1 through openssl-1.0.1f. RDRAND has taken some criticism because its essentially unaudited and it could be spiked like the Dual-EC generator (http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html). If the RDRAND engine is in effect, then the application and the library (internally) will be using the generator. But some some folks don't want to use an unaudited generator. I'm not sure what the best action is to take. For reading on ways to disable the RDRAND engine, see http://seclists.org/fulldisclosure/2013/Dec/142.

Some versions of OpenSSL use the RDRAND engine by default. The versions include openssl-1.0.1-beta1 through openssl-1.0.1f.

RDRAND has taken some criticism because its essentially unaudited and it could be spiked like the Dual-EC generator (http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html).

If the RDRAND engine is in effect, then the application and the library (internally) will be using the generator. But some some folks don't want to use an unaudited generator.

I'm not sure what the best action is to take. For reading on ways to disable the RDRAND engine, see http://seclists.org/fulldisclosure/2013/Dec/142.

History
Date	User	Action	Args
2014-03-16 22:43:43	Jeffrey.Walton	set	recipients: + Jeffrey.Walton
2014-03-16 22:43:43	Jeffrey.Walton	set	messageid: <1395009823.06.0.12513934029.issue20952@psf.upfronthosting.co.za>
2014-03-16 22:43:43	Jeffrey.Walton	link	issue20952 messages
2014-03-16 22:43:42	Jeffrey.Walton	create