> -----Original Message-----
> From: DeJuan Jackson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 17, 2000 3:20 PM
> Speaking of RAND_screen what does it use to seed the PRNG?
I believe it uses the contents of the screen buffer, though I haven't looked
at it.
> Does it have to be a prompt or does it actually access the memory location
> for it's entropy? I ask because the applications that I have won't be
running
> at a prompt.
If they're running on a dedicated server, the contents of the screen buffer
probably won't be changing enough to make it a useful entropy source anyway.
> I'm looking for a good consistent way to get some entropy on
> a Windows box.
You might want to take a look at Yarrow. http://www.counterpane.com
Generally, though, this isn't a well-defined problem. Entropy sources tend
to depend strongly on the particular equipment and its particular use.
Things like keystroke timings are useful on workstations, but not much good
on a machine that doesn't see significant interactive use.
The perennial battles over entropy sources in sci.crypt (and now perhaps the
newly-formed sci.crypt.random-numbers) might also be of interest. Many
there seem to lean toward hardware solutions (deriving small amounts of
entropy from noisy sources), though that approach has its pitfalls too.
Michael Wojcik [EMAIL PROTECTED]
MERANT
Department of English, Miami University
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
