From: Mike Lempriere <[EMAIL PROTECTED]>


>
> Am I missing something here?  The point is to get a _truly_ random number,
> right?
>
> a)  Why not use your process's PID?
> b)  Sound card input would also be excellent.
> c)  Time read straight from the clock chip helps, it's number of seconds
>     since Jan 1980, so it doesn't repeat, though it is predictable.  Using
>     it as a seed would help though.
> d)  Mouse pointer coordinates would be excellent if they have a mouse
>     (WinNT or X).
> e)  Perhaps window position coordinates (WinNT or X)?
> f)  Perhaps just use the standard C runtime functions to get a random
>     number, and use that as a memory address to read into some kernel
>     tables (eg. process table) for a value.  Obviously this would have to
>     be a kernel process to get at those tables (all OSes).
> g)  Ask the video card for scan position.  As the program could ask at any
>     time, this would be very random (within a small range).
> h)  Ask the keyboard hardware for scan index.  As g), this is random as
>     the software could ask at any time.  (Is this info available?)
> i)  Ask the network driver for the number of bytes/packets sent.  This
>     should be easily accessed, and will always be changing.
>
> My point is that there are a whole bunch of ways to do this in software.
> There are a bazillion different values in any given computer that are
> changing over time in unrelated ways.  They can be used in conjunction to
> come up with a very random number.
>
Are you sure the processes you mentioned can generate each of the
2**128 keys possible for a 128-bit cryptosystem?  I wouldn't be so sure.
Remember, when the experts implemented the first version of SSL, it was
crackable by a PC in a question of days because the randomness (entropy)
available to generate the random keys for RC4 128-bit encryption was
only equal to 2*22 bits...  The point is if you really want 128-bit privacy,
you need a good RNG with the necessary entropy.

Regards,

J. Andrew Hall.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
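
An added example, not part of the original messages: it measures how many bits a seed built from a PID and clock seconds (sources a and c above) can carry, and checks that a 128-bit key stretched from such a seed falls inside a small, enumerable space. The SHA-256 stretching scheme, the 32768 PID range and the 60-second clock window are assumptions chosen for illustration.

```python
import hashlib
import math
import os

PID_MAX = 32768       # assumption: classic Unix PID range
CLOCK_WINDOW = 60     # assumption: key creation time is known to within 60 s


def weak_key(pid: int, epoch_seconds: int) -> bytes:
    """128-bit key stretched from PID and clock seconds (hypothetical scheme)."""
    seed = f"{pid}:{epoch_seconds}".encode()
    return hashlib.sha256(seed).digest()[:16]


def seed_space_bits(pid_max: int = PID_MAX, window: int = CLOCK_WINDOW) -> float:
    """Upper bound on the entropy, in bits, of a (PID, seconds) seed."""
    return math.log2(pid_max * window)


def enumerate_seed_space(target: bytes, around: int, window: int = CLOCK_WINDOW):
    """Audit check: walk every (PID, second) pair and return the one giving target."""
    for t in range(around - window // 2, around + window // 2):
        for pid in range(1, PID_MAX + 1):
            if weak_key(pid, t) == target:
                return pid, t
    return None  # key did not come from this seed space


def strong_key() -> bytes:
    """128-bit key drawn from the operating system's CSPRNG."""
    return os.urandom(16)


if __name__ == "__main__":
    created = 946_684_800                      # constructed timestamp
    key = weak_key(4242, created + 7)          # constructed PID
    print(f"key length:         {len(key) * 8} bits")
    print(f"seed entropy bound: {seed_space_bits():.1f} bits")
    print("seed found by enumeration:", enumerate_seed_space(key, created))
    print("CSPRNG key in seed space: ",
          enumerate_seed_space(strong_key(), created) is not None)
```

The key is 128 bits long, but its strength is bounded by the seed space, which is what the reply means by needing an RNG with the necessary entropy.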
