> Anyway, this is what I did:
> unsigned char entropy[4096];
>
> /* Then I call the SSL_load_error_strings() and
>  * OpenSSL_add_all_algorithms() routines, and create my context.
>  * Then, . . .
>  */
>
> RAND_bytes(entropy, 4000);
> RAND_seed(entropy, 3000);
You've just seeded with bytes generated with an unseeded PRNG.
Try using RAND_egd after installing the egd (entropy gathering
daemon) on your machine.
openssl makes sure it gets enough bytes, but not that the bytes
are suitably random. Technically you could do the following:
unsigned char entropy[4096];
int count;
/* fill the buffer with zeros: zero entropy, but OpenSSL accepts it */
for (count = 0; count < 4096; count++) entropy[count] = 0;
RAND_seed(entropy, 3000);
and the PRNG will not complain.
**This does not mean that data is decent data!**
You could keep a file around with random data in it (copy parts
of your kernel the first time) and read from it with RAND_load_file
and then write out new rand data to it with RAND_write_file later
for use the next time it's read. This file will thus become differently
random over time, always providing you a constant source of good random
bytes.
> And everything works.
Running and working be different beasts.
> A final question, though: Is it necessary to re-seed the PRNG from time
> to time? Or is this really strong enough to just hit it once?
If you seeded the PRNG with a good seed initially, you don't need to
re-seed, it'll stir itself up over time. But you must not seed the PRNG
with the same data ever (for example the 3000 '0' bytes in my code above)
or you make it easy for folks to narrow down the possibilities they must
try to break your connection(s).
--
Brian Hatch                        Everyone is entitled
Systems and                        to my opinion.
Security Engineer
http://www.ifokr.org/bri/
Every message PGP signed