> You should seed OpenSSL's random number generator directly using 
> CryptGenRandom (and other entropy you might have).
> Once the generator is seeded, it won't attempt to auto-seed itself with the 
> RAND_poll gear.

Thank you for that workaround advice, Jeff.  I've passed it on to the folks 
using the library calls.

The OpenSSL library developers might still want to consider alternate heap walk coding, if for no other reason than for those who use the library without having seen the wiki page mentioned and knowing they should seed it themselves.

The library designers may feel the 1 second used in RAND_poll() is time well spent adding up memory blocks, when mostly it's just wasted.  We measured a 1000 to 1 ratio between the time spent in Heap32Next() retrieving memory block pointers and the time spent accumulating entropy in RAND_add().

Thanks again.

-Noel

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Jeffrey Walton
Sent: Mon, January 19, 2015 12:02 AM
To: OpenSSL Users List
Subject: Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking in RAND_poll()

You should seed OpenSSL's random number generator directly using CryptGenRandom 
(and other entropy you might have).

Once the generator is seeded, it won't attempt to auto-seed itself with the 
RAND_poll gear.

Also see http://wiki.openssl.org/index.php/Random_Numbers. It advises that you 
seed the generator directly rather than depending on
the library doing it through RAND_poll.

Jeff

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
