"Fisk, Kevin" <[EMAIL PROTECTED]> writes:
> I believe this was actually from a sample provided to us by Eric in response
> to a question we posted on the list.

SOP for OpenSSL prior to the wide availability of /dev/random was to
collect a bunch of "random" data from various sources on the machine
(syslog, netstat, ps, etc.) and stuff those in some random file which
you'd suck in via RAND_load_file(). OpenSSL would seed in the time of
day and pid to ensure that even if two processes accessed the same
random file their streams would be different.  Naturally, this file
needs to be made unreadable to everyone else or they can reproduce
your random stream. [0] 

With the wide availability of /dev/random, etc., this has become
a less important tactic.

-Ekr



[0] PureTLS takes a slightly different attitude in that I encrypt
the file under a password, since Java doesn't make it easy to 
manipulate permissions. Since the examples from my book shared
keying material I just used the same file for both. When OpenSSL
reads the data, it reads the plaintext but as long as it's
unreadable to others it doesn't make any difference since
encrypted randomness is just as random as simple randomness :)

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
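
Added example, not part of the original message and not OpenSSL code: one way to enforce the "unreadable to everyone else" requirement on a seed file before its contents reach the PRNG. The helper names are hypothetical, and reading through the checked descriptor (instead of passing the path to RAND_load_file()) is an assumption made here so the file that was checked is the file that is read.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a seed file only if nobody but its owner can
 * read or write it. Returns an open descriptor, or -1 if the file is unsafe. */
int open_private_seed_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* refuse symlinks */
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so there is no window between
     * the check and the read in which the file can be swapped. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                   /* regular files only */
        st.st_uid != geteuid() ||                 /* must belong to this user */
        (st.st_mode & (S_IRWXG | S_IRWXO))) {     /* any group/other access */
        close(fd);
        return -1;
    }
    return fd;
}

/* Read up to len bytes of seed material from a private seed file.
 * Returns the byte count, or -1 if the file failed the checks or a read
 * failed. The caller would then hand buf to the PRNG, e.g. with OpenSSL's
 * RAND_seed(buf, n). */
ssize_t read_private_seed(const char *path, unsigned char *buf, size_t len)
{
    ssize_t n, total = 0;
    int fd = open_private_seed_file(path);
    if (fd < 0)
        return -1;
    while ((size_t)total < len) {
        n = read(fd, buf + total, len - (size_t)total);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;                        /* end of file */
        total += n;
    }
    close(fd);
    return total;
}
```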
