Issue 20952: OpenSSL and RDRAND
Created on 2014-03-16 22:43 by Jeffrey.Walton, last changed 2022-04-11 14:58 by admin. This issue is now closed.
Messages (3) | ||
---|---|---|
msg213769 - (view) | Author: Jeffrey Walton (Jeffrey.Walton) * | Date: 2014-03-16 22:43 |
Some versions of OpenSSL use the RDRAND engine by default. The versions include openssl-1.0.1-beta1 through openssl-1.0.1f. RDRAND has taken some criticism because it's essentially unaudited and it could be spiked like the Dual-EC generator (http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html). If the RDRAND engine is in effect, then the application and the library (internally) will be using the generator. But some folks don't want to use an unaudited generator. I'm not sure what the best action is to take. For reading on ways to disable the RDRAND engine, see http://seclists.org/fulldisclosure/2013/Dec/142. | ||
msg213775 - (view) | Author: Antoine Pitrou (pitrou) * | Date: 2014-03-16 23:30 |
Apart from our Windows binaries, this doesn't seem much of a Python issue. Python normally links with whatever the system OpenSSL is. | ||
msg404690 - (view) | Author: Christian Heimes (christian.heimes) * | Date: 2021-10-21 22:24 |
Thankfully RDRAND is no longer a concern for us. All OpenSSL versions in official Python.org installers and supported by recent Python versions have a strong and fork-safe RNG. |
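
An added example, not part of the original issue thread or of CPython: since Python links against whatever OpenSSL the system provides, this sketch checks whether the interpreter's linked OpenSSL falls in the range named in the report (1.0.1-beta1 through 1.0.1f). The function names and the two range constants are assumptions introduced here; the constants encode the report's version strings in OpenSSL's pre-3.0 `OPENSSL_VERSION_NUMBER` layout.

```python
import ssl

# Range boundaries taken from the report above, encoded in OpenSSL's
# pre-3.0 OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS (assumed constants).
RDRAND_DEFAULT_FIRST = 0x10001001  # 1.0.1-beta1
RDRAND_DEFAULT_LAST = 0x1000106F   # 1.0.1f


def decode_version(number):
    """Render a pre-3.0 OPENSSL_VERSION_NUMBER as text, e.g. '1.0.1f'."""
    major = (number >> 28) & 0xF
    minor = (number >> 20) & 0xFF
    fix = (number >> 12) & 0xFF
    patch = (number >> 4) & 0xFF   # 1 -> 'a', 2 -> 'b', ...
    status = number & 0xF          # 0 = dev, 1..0xE = beta, 0xF = release
    text = f"{major}.{minor}.{fix}"
    if patch:
        text += chr(ord("a") + patch - 1)
    if status == 0:
        text += "-dev"
    elif status != 0xF:
        text += f"-beta{status}"
    return text


def in_reported_range(number):
    """True if the version number lies in the range the report names."""
    return RDRAND_DEFAULT_FIRST <= number <= RDRAND_DEFAULT_LAST


def check_linked_openssl():
    """Return (version banner, in_range) for the OpenSSL this Python uses."""
    return ssl.OPENSSL_VERSION, in_reported_range(ssl.OPENSSL_VERSION_NUMBER)


if __name__ == "__main__":
    banner, affected = check_linked_openssl()
    verdict = "inside" if affected else "outside"
    print(f"{banner}: {verdict} the range named in the report")
```

A result inside the range only says the linked library is one of the versions the report lists; whether the RDRAND engine is actually in effect also depends on how that library was built and on the CPU.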
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:58:00 | admin | set | github: 65151 |
2021-10-21 22:24:55 | christian.heimes | set | status: open -> closed; resolution: fixed; messages: +; stage: resolved |
2014-03-16 23:30:35 | pitrou | set | nosy: + loewis; messages: + |
2014-03-16 23:25:01 | r.david.murray | set | nosy: + pitrou, christian.heimes |
2014-03-16 22:43:43 | Jeffrey.Walton | create |