This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Freyther holger at freyther.de> On 5. Oct 2017, at 15:35, Harald Welte <laforge at gnumonks.org> wrote: > > Hi Holger, Hi, >> Picking something like RAND_bytes of OpenSSL for TMSIs seems to be the >> best way. It will re-seed itself (and we are not forking). > > Ok, then let's do that. Maybe to expand on the "forking" part. OpenSSL didn't (and might not do it right now) re-seed on fork. This created some security issues on other platforms (maybe the most noticeable was Android, e.g. two processes generating the same random numbers). >> If the OpenSSL dependency is too bad (license compatibility, the move to the Apache license >> could help us here for GPLv3+ software) > > Yes, the new apache-style license makes this less of a headache. > > So then we conclude for now: > > * TMSIs and other temp identifiers: openssl RAND_bytes() > * random challenges for authentication: also RAND_bytes, or getrandom()? > * secret key generation (which we don't implement, so far: ? I would use RAND_bytes() in all of these cases