CryptoAPI is a standard component that you can expect to have on any
machine which has IE5 or later installed.  You can also expect it to
be on Windows 2000+ as a default, as well as NT4SP3 or higher.

It uses the same mechanisms that the various /dev/urandom|/dev/random
implementations use, including measuring the time of any disk or
network access.  (For more information, please see MSDN's
documentation on CryptoAPI.  It mentions some of the things that it
stirs into its entropy pool.)

-Kyle H

On 9/27/06, Erik Leunissen <[EMAIL PROTECTED]> wrote:
Dr. Stephen Henson wrote:
>
> OpenSSL makes use of some standard sources of entropy on various platforms to
> seed the PRNG automatically. On Linux this includes the /dev/urandom device
> and on Windows various things including the CryptoAPI PRNG.
>

OK, that explains, thanks.

The program is going to be distributed to clients who run a Windows
variant (2000, XP) or a unix-like OS (*BSD, Solaris, Linux, ...).

I reckon that /dev/urandom is present on most unices, so I can count on
the automatic PRNG seeding. However, on the Windows platforms I question
whether that is the case. Is CryptoAPI PRNG a standard component of the
OS which I can presume to be present?

("Network Security with OpenSSL" mentions several times that Windows has
no built-in entropy-gathering mechanism that seeds a standard PRNG,
which is why the egads program was written.)

If not, I want to be able to detect whether the PRNG has been seeded
before OpenSSL complains. How would I do that?

TIA,

Erik Leunissen
==============
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]



--

-Kyle H
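
Added example, not part of the original thread: the "detect whether the PRNG has been seeded" question maps to OpenSSL's RAND_status(). This sketch uses Python's ssl module, whose RAND_status, RAND_add and RAND_bytes wrap the OpenSSL functions of the same names. The names ensure_seeded, random_key and PRNGNotSeeded are made up here, and falling back to os.urandom as a seed source is an assumption.

```python
import os
import ssl


class PRNGNotSeeded(RuntimeError):
    """OpenSSL's PRNG could not be brought to a seeded state."""


def ensure_seeded(status=ssl.RAND_status, add=ssl.RAND_add,
                  fallback=os.urandom, seed_len=32):
    """Return how the PRNG reached a seeded state, or raise PRNGNotSeeded.

    status/add default to the ssl module's wrappers around OpenSSL's
    RAND_status() and RAND_add(); they are parameters only so the
    unseeded path can be exercised with stand-ins.
    """
    if status():
        return "auto"              # OpenSSL seeded itself from the OS source
    try:
        seed = fallback(seed_len)  # assumption: os.urandom as fallback source
    except NotImplementedError as exc:
        raise PRNGNotSeeded("no OS entropy source available") from exc
    # RAND_add takes an entropy estimate in bytes; the seed comes from the
    # OS CSPRNG, so its full length is credited.
    add(seed, float(len(seed)))
    if not status():
        raise PRNGNotSeeded("RAND_status() still reports unseeded")
    return "manual"


def random_key(nbytes=32):
    """Generate key material only after the seeding check has passed."""
    ensure_seeded()
    return ssl.RAND_bytes(nbytes)


if __name__ == "__main__":
    print("seeding:", ensure_seeded())
    print("key:", random_key(16).hex())
```

Calling the check before any key generation turns a late OpenSSL error into an explicit, early failure the application can report.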