Ok guys, thank you for your very precious help. Take care.
Marc Gaudichet

> -----Original Message-----
> From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]
> Sent: Friday, 21 November 2003 12:33
> To: Marc Gaudichet
> Cc: [EMAIL PROTECTED]
> Subject: Re: RE : RAND_status always returns 1
>
>
> In message <[EMAIL PROTECTED]ge.telelogos> on Fri, 21 Nov 2003 11:05:40 +0100, "Marc Gaudichet" <[EMAIL PROTECTED]> said:
>
> mgaudichet> >>Hmm, I doubt very much that running RAND_poll() multiple
> mgaudichet> >>times on top of itself gives that much more entropy.
> mgaudichet>
> mgaudichet> Concerning this, RAND_poll() behaves as follows on Windows
> mgaudichet> systems:
> mgaudichet> - call to NetStatisticsGet for LanManWorkstation and
> mgaudichet>   LanManServer services;
> mgaudichet> - call to CryptGenRandom to poll the CryptoAPI PRNG
> mgaudichet>   and the Pentium PRG;
> mgaudichet> - call to GlobalMemoryStatus;
> mgaudichet> - call to GetCurrentProcessId;
> mgaudichet> - call to GetForegroundWindow;
> mgaudichet> - call to GetCursorInfo;
> mgaudichet> - call to GetQueueStatus;
> mgaudichet> - call to thread, process, module and heap polling
> mgaudichet>   function.
> mgaudichet> Don't you think that entropy given is sufficient each time
> mgaudichet> RAND_poll() is called?
>
> One could think so, but you have to remember that it acquires
> all those sources if they are available (i.e. acquiring them in
> a documented way is supported). You may have noticed that
> there are quite a few tests to check if each resource can
> really be used.
>
> mgaudichet> >>The most common form is by loading a file of randomness,
> mgaudichet> >>but I understand that's not an option for you.
> mgaudichet>
> mgaudichet> What actually bothers me with a file containing randomness
> mgaudichet> is that its contents must be changed quite often, otherwise
> mgaudichet> it's predictable. But maybe the following solution is not a
> mgaudichet> sin (I hope so!):
> mgaudichet>
> mgaudichet> ///////////////////////////////////////
> mgaudichet> if (!RAND_status())
> mgaudichet> {
> mgaudichet>     /* If RAND_poll() is not sufficient, then load randomness file */
> mgaudichet>     RAND_load_file(g_szFileName,-1);
> mgaudichet> }
> mgaudichet> /* Rewrite the randomness file so that its contents change often */
> mgaudichet> RAND_write_file(g_szFileName);
> mgaudichet> ///////////////////////////////////////
>
> That's a common compromise (programs like PGP and GnuPG do
> that). However, I wouldn't do the writing so immediately
> after the seed. Rather, I'd do it at exit of the program, if
> possible (I know, if the program is forcedly killed, you
> lose the chance to write down the randomness). That way,
> the pool from which the written data is extracted has been as
> stirred as the program allows, thereby increasing the chances
> that the new contents of the file are unpredictable.
>
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
> You don't have to be rich, a $10 donation is appreciated!
>
> --
> Richard Levitte   \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
> [EMAIL PROTECTED] \ S-168 36 BROMMA  \ T: +46-8-26 52 47
>                   \ SWEDEN           \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]