[Opendnssec-develop] libhsm: hsm_random() and friends
Jelte Jansen
jelte at NLnetLabs.nl
Wed May 20 10:07:38 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Dickinson wrote:
>
> On 20 May 2009, at 10:42, Jakob Schlyter wrote:
>
>> hi,
>>
>> can someone remind me and why we want a hsm_random() function in
>> libhsm? if not, we should remove it for now. for the jitter needed by
>> the signer, it seems a bit overkill to use the HSM for that.
>
>
> for the salt? Also the HSM is likely to be the best source of randomness
> in the system.
>
turns out that implementing it was easier than discussing it, but i've done it
naively; if no tokens with rngs are attached, it will return an error (or the
not-so-random value 0).
talking about seeding; are hsm's with rngs guaranteed to be seeded? there is a
function S_SeedRandom but according to the docs this is only to add additional
seeding data. So i'm assuming that the hsm seeds itself (and that
C_GenerateRandom is a pseudo btw)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoT1moACgkQ4nZCKsdOncXc3gCdGWR/ebT51Y4v52vgHyTqIQNc
gYAAn00w4ymGuoUTCuOYUwc18HMor3eR
=4xST
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list