Amit Chopra wrote:
>
> Have you explicitly seeded the RNG by calling RAND_seed() or
> RAND_add() ? You need to do that.
>
> For example you can do :
>
> #include <stdlib.h>
> #include <time.h>
> #include <openssl/rand.h>
>
> srand((unsigned)(time(NULL))); // C runtime function: seed rand() with the current second
> int seed[1024];
> for (int i = 0; i < 1024; i++)
>     seed[i] = rand();           // C runtime function: fill the buffer from rand()
> RAND_seed((unsigned char *)seed, sizeof(seed)); // hand the whole buffer to OpenSSL
>
> This will seed the RNG with 1024*sizeof(int) bytes.
> (With 0.9.5a you need at least 128 bytes of seed data.)
>
> Can somebody tell me if this method of seeding the RNG is secure enough?
> (rand() generates numbers from 0 - 7fffH). I could also throw in
> additional seed in the form of PID, thread ID, system time and
> other private data.
Using only the time(), srand() and rand() functions is catastrophic!
The time() function gives a result in seconds. If an adversary can
estimate the day (!) at which the function was called, they have to deal
with an entropy of 16.4 bits (or, in other words, nothing...). All the
generated keys will have a (real) entropy of 16.4 bits.
See EGD, or /dev/random or something like that to seed, and don't forget
that the whole security of your application depends on this seed value...
A+
Pascal
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Pascal Junod, [EMAIL PROTECTED] *
* Laboratoire de Sécurité et de Cryptographie (LASEC) *
* ++ 41 (0) 21 693 7617, INR 313, EPFL, CH-1015 Lausanne *
* Route d'Yverdon 25, CH-1028 Préverenges, Switzerland *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
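The entropy argument in the reply above, worked through as an added C example (not code from either poster): the quoted seeding loop is reproduced with the timestamp passed in so its determinism can be checked, the buffer's effective entropy is computed as log2 of the timestamp window, and a read from the OS pool is shown as the alternative. It assumes a POSIX system where /dev/urandom exists; the 86400-second window and the 128-byte minimum are the figures the thread itself uses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* The quoted seeding loop, with the clock value passed in instead of read
 * from time(): every word in the buffer is a function of one timestamp. */
void seed_from_time(time_t t, int seed[1024]) {
    srand((unsigned)t);
    for (int i = 0; i < 1024; i++)
        seed[i] = rand();
}

/* 1 if two seedings from the same second give identical buffers. */
int seed_is_deterministic(time_t t) {
    int a[1024], b[1024];
    seed_from_time(t, a);
    seed_from_time(t, b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Effective entropy in bits: log2 of the number of timestamps an adversary
 * must try; the buffer size plays no part. log2 is computed without libm
 * (integer part by halving, fractional part by repeated squaring). */
double effective_entropy_bits(double window_seconds) {
    double x = window_seconds, bits = 0.0, frac = 0.5;
    while (x >= 2.0) { x /= 2.0; bits += 1.0; }
    for (int i = 0; i < 20; i++, frac /= 2.0) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; bits += frac; }
    }
    return bits;
}

/* Defender's alternative: bytes from the OS pool (assumes a POSIX system).
 * Returns the byte count read, or -1 if /dev/urandom cannot be opened. */
long seed_from_os(unsigned char *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return (long)n;
}

int main(void) {
    unsigned char os[128]; /* the 128-byte minimum the thread mentions */
    printf("same second, same buffer: %d\n", seed_is_deterministic(time(NULL)));
    printf("known day: %.1f bits, needed: %d\n", effective_entropy_bits(86400.0), 128 * 8);
    printf("/dev/urandom gave %ld bytes\n", seed_from_os(os, sizeof os));
}
```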
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]