In message <[EMAIL PROTECTED]> on Fri, 21 Nov 2003 11:05:40 +0100, "Marc Gaudichet" <[EMAIL PROTECTED]> said:
mgaudichet> >>Hmm, I doubt very much that running RAND_poll() multiple
mgaudichet> >>times on top of itself gives that much more entropy.
mgaudichet>
mgaudichet> Concerning this, RAND_poll() behaves as follows on Windows
mgaudichet> systems:
mgaudichet> - call to NetStatisticsGet for LanManWorkstation and
mgaudichet>   LanManServer services;
mgaudichet> - call to CryptGenRandom to poll the CryptoAPI PRNG
mgaudichet>   and the Pentium PRG;
mgaudichet> - call to GlobalMemoryStatus;
mgaudichet> - call to GetCurrentProcessId;
mgaudichet> - call to GetForegroundWindow;
mgaudichet> - call to GetCursorInfo;
mgaudichet> - call to GetQueueStatus;
mgaudichet> - call to thread, process, module and heap polling
mgaudichet>   function.
mgaudichet> Don't you think that the entropy given is sufficient each time
mgaudichet> RAND_poll() is called?

One could think so, but you have to remember that it acquires all those sources if they are available (i.e. acquiring them in a documented way is supported). You may have noticed that there are quite a few tests to check if each resource can really be used.

mgaudichet> >>The most common form is by loading a file of randomness,
mgaudichet> >>but I understand that's not an option for you.
mgaudichet>
mgaudichet> What actually bothers me with a file containing randomness
mgaudichet> is that its contents must be changed quite often,
mgaudichet> otherwise it's predictable. But maybe the following
mgaudichet> solution is not a sin (I hope so!):
mgaudichet>
mgaudichet> ///////////////////////////////////////
mgaudichet> if (!RAND_status())
mgaudichet> {
mgaudichet>     /* If RAND_poll() is not sufficient, then load randomness file */
mgaudichet>     RAND_load_file(g_szFileName, -1);
mgaudichet> }
mgaudichet> /* Rewrite the randomness file so that its contents change often */
mgaudichet> RAND_write_file(g_szFileName);
mgaudichet> ///////////////////////////////////////

That's a common compromise (programs like PGP and GnuPG do that).

However, I wouldn't do the writing so immediately after the seed. Rather, I'd do it at exit of the program, if possible (I know, if the program is forcibly killed, you lose the chance to write down the randomness). That way, the pool from which the written data is extracted has been as stirred as the program allows, thereby increasing the chances that the new contents of the file are unpredictable.

-- 
Richard Levitte, Member of the OpenSSL development team: http://www.openssl.org/
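The pattern discussed in the thread (seed from a file only when RAND_poll() left the pool unseeded, then refresh the file at program exit rather than immediately after seeding), as an added example that is not code from the thread or from OpenSSL itself. It uses Python's ssl module, which wraps OpenSSL's RAND_status(), RAND_add() and RAND_bytes(); RAND_load_file()/RAND_write_file() are not exposed by Python, so the file read and write are done with plain file I/O. The seed size, the seed path and the atomic 0600 write are assumptions added here for the demonstration.

```python
"""Seed-file handling for OpenSSL's PRNG, written against Python's ssl wrappers.

Added example, not code from the mailing-list thread or from OpenSSL.
RAND_status()/RAND_add()/RAND_bytes() are the real OpenSSL calls; the file
read/write stands in for RAND_load_file()/RAND_write_file().
"""
import atexit
import os
import ssl
import tempfile

SEED_BYTES = 1024  # assumed seed-file size (RAND_write_file also writes 1024)


def seed_from_file(path: str) -> int:
    """Stir the seed file into the pool, as RAND_load_file(path, -1) would.

    Returns the number of bytes read (0 when the file is missing), so the
    caller can tell whether there was anything to stir in.
    """
    try:
        with open(path, "rb") as f:
            seed = f.read(SEED_BYTES)
    except FileNotFoundError:
        return 0
    # RAND_load_file credits the bytes read as entropy; do the same.  That is
    # only honest if the file was written by a previous, well-stirred run and
    # is readable by nobody else (see write_seed below).
    ssl.RAND_add(seed, float(len(seed)))
    return len(seed)


def load_seed_if_needed(path: str) -> str:
    """First half of the posted snippet: fall back to the file only when
    RAND_poll() (run when Python initialised OpenSSL) was not sufficient.
    Returns the source used: "poll", "file" or "unseeded".
    """
    if ssl.RAND_status():
        return "poll"
    seed_from_file(path)
    return "file" if ssl.RAND_status() else "unseeded"


def write_seed(path: str, nbytes: int = SEED_BYTES) -> int:
    """Refresh the seed file from the current pool; returns bytes written.

    Written to a temp file with mode 0600 and renamed over the target, so a
    crash mid-write never leaves a truncated or world-readable seed behind
    (an added hardening step; the posted snippet does not do this).
    """
    data = ssl.RAND_bytes(nbytes)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".seed-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            os.fchmod(f.fileno(), 0o600)
            f.write(data)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(data)


def install_seed_file(path: str) -> str:
    """Seed now if needed; write the file at exit, not right after seeding.

    Deferring the write to atexit means the saved bytes are drawn from a pool
    that has been stirred by everything the program did with it in between.
    The trade-off from the thread applies: a forced kill skips the write, and
    the previous file is simply reused on the next start.
    """
    source = load_seed_if_needed(path)
    atexit.register(write_seed, path)
    return source


if __name__ == "__main__":
    seed_path = os.path.expanduser("~/.demo-rand-seed")  # assumed location
    print("seeded from:", install_seed_file(seed_path))
    # ... real work with ssl.RAND_bytes() / TLS here; the file is rewritten on exit.
```

On any current system `load_seed_if_needed()` will report `"poll"`, because OpenSSL's own polling succeeds; the file path only matters on hosts where it does not, which is exactly the case Marc is asking about. The permission and atomic-rename handling in `write_seed()` is the part a reviewer would want to see alongside the original snippet: a seed file another user can read makes the "credit it as entropy" step in `seed_from_file()` a lie.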