On 5. Oct 2017, at 15:35, Harald Welte <laforge(a)gnumonks.org> wrote:
Hi Holger,
Hi,
Picking something like RAND_bytes of OpenSSL for TMSIs seems to be the
best way. It will re-seed itself (and we are not forking).
Ok, then let's do that.
Maybe to expand on the "forking" part. OpenSSL didn't (and might not do
it right now) re-seed on fork. This created some security issues on other
platforms (maybe the most noticeable was Android, e.g. two processes
generating the same random numbers).
If the OpenSSL dependency is too bad (license compatibility, the move to
the Apache license could help us here for GPLv3+ software)
Yes, the new apache-style license makes this less of a headache.
So then we conclude for now:
* TMSIs and other temp identifiers: openssl RAND_bytes()
* random challenges for authentication: also RAND_bytes, or getrandom()?
* secret key generation (which we don't implement, so far): ?
I would use RAND_bytes() in all of these cases
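
The fork problem discussed above, shown as an added example that is not part of the original message and is not OpenSSL code: a toy user-space generator hands parent and child the same 32-bit value after fork() unless it notices the PID change and reseeds from getrandom(). The names toy_rng, toy_tmsi and fork_outputs_collide are hypothetical, and the xorshift generator is only a stand-in for a real CSPRNG.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/random.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy xorshift64 generator standing in for a user-space CSPRNG (assumption). */
struct toy_rng { uint64_t state; pid_t owner; };

static void toy_seed(struct toy_rng *r)
{
    if (getrandom(&r->state, sizeof r->state, 0) != (ssize_t)sizeof r->state)
        abort();
    r->state |= 1;              /* xorshift must never hold an all-zero state */
    r->owner = getpid();
}

static uint32_t toy_tmsi(struct toy_rng *r, int fork_safe)
{
    if (fork_safe && r->owner != getpid())
        toy_seed(r);            /* state was copied by fork(): discard it */
    r->state ^= r->state << 13;
    r->state ^= r->state >> 7;
    r->state ^= r->state << 17;
    return (uint32_t)(r->state >> 32);
}

/* Returns 1 if parent and child draw the same value after fork(). */
int fork_outputs_collide(int fork_safe)
{
    struct toy_rng r;
    uint32_t mine, theirs = 0;
    int fd[2];
    toy_seed(&r);
    if (pipe(fd) != 0) abort();
    pid_t pid = fork();
    if (pid < 0) abort();
    if (pid == 0) {             /* child: send its value to the parent */
        uint32_t v = toy_tmsi(&r, fork_safe);
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    mine = toy_tmsi(&r, fork_safe);
    if (read(fd[0], &theirs, sizeof theirs) != (ssize_t)sizeof theirs) abort();
    close(fd[0]); close(fd[1]);
    waitpid(pid, NULL, 0);
    return mine == theirs;
}

/* Exit status 0 when the unchecked path collides and the checked path does not. */
int main(void) { return !(fork_outputs_collide(0) && !fork_outputs_collide(1)); }
```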