Hello Driss,
I'll hope that may help See http://www.openssl.org/support/faq.html :
Why do I get a "PRNG not seeded" error message?
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness device"
(/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions
try to use /dev/urandom by default; starting with version 0.9.7, OpenSSL also
tries /dev/random if /dev/urandom is not available. On other systems,
applications have to call the RAND_add() or RAND_seed() function with
appropriate data before generating keys or performing public key encryption.
(These functions initialize the pseudo-random number generator, PRNG.) Some
broken applications do not do this. As of version 0.9.5, the OpenSSL functions
that need randomness report an error if the random number generator has not
been seeded with at least 128 bits of randomness. If this error occurs and is
not discussed in the documentation of the application you are using, please
contact the author of that application; it is likely that it never worked
correctly. OpenSSL 0.9.5 and later make the error visible by refusing to
perform potentially insecure encryption. If you are using Solaris 8, you can
add /dev/urandom and /dev/random devices by installing patch 112438 (Sparc) or
112439 (x86), which are available via the Patchfinder at
http://sunsolve.sun.com (Solaris 9 includes these devices by default). For
/dev/random support for earlier Solaris versions, see Sun's statement at
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
(the SUNWski package is available in patch 105710). On systems without
/dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering
Demon (EGD); see the RAND_egd() manpage for details. Starting with version
0.9.7, OpenSSL will automatically look for an EGD socket at /var/run/egd-pool,
/dev/egd-pool, /etc/egd-pool and /etc/entropy. Most components of the openssl
command line utility automatically try to seed the random number generator from
a file. The
name of the default seeding file is determined as follows: If environment
variable RANDFILE is set, then it names the seeding file. Otherwise if
environment variable HOME is set, then the seeding file is $HOME/.rnd. If
neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will use file
.rnd in the current directory while OpenSSL 0.9.6a uses no default seeding file
at all. OpenSSL 0.9.6b and later will behave similarly to 0.9.6a, but will use
a default of "C:\" for HOME on Windows systems if the environment variable has
not been set. If the default seeding file does not exist or is too short, the
"PRNG not seeded" error message may occur. The openssl command line utility
will write back a new state to the default seeding file (and create this file
if necessary) unless there was no sufficient seeding. Pointing $RANDFILE to
an Entropy Gathering Daemon socket does not work. Use the "-rand" option of the
OpenSSL command line tools instead. The $RANDFILE
environment variable and $HOME/.rnd are only used by the OpenSSL command line
tools. Applications using the OpenSSL library provide their own configuration
options to specify the entropy source, please check out the documentation
coming the with application.
Best regards,
Abderrahmane,
EL HACHIMI Driss <[EMAIL PROTECTED]> a écrit :
Hello,
I need to generate 3 DES keys in order to encrypt a password, I'm using
DES_random_key () to generate my keys but first, The PRNG must be seeded and I
don't which function to call to perform this step.
To encrypt my password, this is what I think I'd need to do:
seed the PRNG using ?
generate 3DES keys using DES_random_key()
encrypt my password using DES_ede3_cbc_encrypt()
Thanks
Best Regards
Driss
---------------------------------
Envoyé avec Yahoo! Mail.
La boite email la plus appreciée au monde.
---------------------------------
Envoyé avec Yahoo! Mail.
Capacité de stockage illimitée pour vos emails.
