Hello, I am using OpenSSL 0.9.8l on windows that is built according to FIPS user guide. And I would like to understand what is the strength in terms of random of the random data that is gathered by OpenSSL built in functions that poll for random data on OpenSSL startup (rand_poll function). I have read this PDF http://www.cypherpunks.to/~peter/06_random.pdf, and according to it OpenSSL built in functions poll very little random, how ever it was published some time ago, and I am not sure if it is still accurate. I have also reviewed the code of RAND_poll in rand_win.c, and it looks like random data is polled from multiple sources. I am aware that software that is using OpenSSL should seed the random state with additional seeds to increase randomness, how ever I would like if possible to know what is the randomness status after OpenSSL startup. Something like "After OpenSSL startup, its built in function will gather random from multiple sources, and will generate a random state which strength is X bits", I would like to know what X is (I have seen in rand_win.c some comments like " /* assume 1 byte of entropy */ " , " /* assume 2 bytes of entropy */ ", so I would like to know if there is total known strength). Any help on this issue would be great. Thanks, Hagai
