On 30.07.25 13:55, Daniel Gustafsson wrote:
>> The point still stands that the number of installations without OpenSSL support is approximately zero, so what is
thepurpose of this patch if approximately no one will be able to use it?
> The main usecase I've heard discussed (mostly in hallway tracks IIRC) is to
> allow multiple PRNG's so that codepaths which favor performance over
> cryptographic properties can choose, this would not be that but a small step on
> that path (whether or not that's the appropriate step is debatable).
This sounds like a reasonable goal. Intuitively, you want stronger
randomness for hashing a password than for generating UUIDs. Then
again, it's not clear how much stronger exactly. RFC 9562 does call for
"cryptographically secure" random numbers. Do we want multiple levels
of "strong" or "secure"? This needs a lot more analysis.
