In message <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 13:40:19 -0700 (PDT), Michelle Li
<[EMAIL PROTECTED]> said:
xiaowei> I just wrote a program using OpenSSL crypto library (version
xiaowei> 0.9.7b). Everything works fine. But I have concerns about
xiaowei> whether I should seed the PRNG and exactly how to do that.
If things seemed to work, it seems OpenSSL was able to find a minimum
of random data that was enough to fit the requirements for minimum
entropy coded into OpenSSL. Therefore, if that minimum is enough
(something you have to judge for yourself), you're fine.
If you want more entropy, you could use some extra randomness server,
for example prngd (look it up in Google). OpenSSL 0.9.7 and on can
read randomness from a prngd channel automagically as long as said
channel is a named socket on one of the known places.
If you want to add more entropy, you have to do it with RAND_seed().
How you get that entropy is entirely up to you and the possibilities
of your environment. It could be background noise from your local
input line (a built-in microphone, like you find in most laptops), or
random network data, or...
Unless you're very concerned about entropy, I'd be happy with the
stuff that OpenSSL finds on it's own.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
