F. wrote:
> If the true random generator is in /dev/random, and I want to use only this
> device for random data using openssl.cnf:
> RANDFILE = /dev/random
>
> Is this correct?
>
This is nearly correct. OpenSSL will read 2048 bytes from it (2048 is
hardcoded for device files to avoid endless loops; it seems my statement
below was not completely up-to-date). The first attempt to generate a
pseudo random number will, however, still read an additional amount of
bytes from /dev/urandom.

Best regards,
Lutz

>
> On Fri, 19-09-2008 at 23:21 +0200, Gerd Schering wrote:
>
>>> Yes, it is sufficient. Please note that a source not having a definite
>>> EOF (End Of File) will lead to an infinite loop reading from the source.
>>> It may therefore be necessary to read a specified amount of entropy
>>> first into an intermediate file to be fed via "-rand".
>>
>> So, if I get it right: we have a "true" random source to seed the PRNG
>> and this produces "true" random numbers?
>>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                              [EMAIL PROTECTED]
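
The intermediate-file approach mentioned in the quoted reply (read a specified amount of entropy first, then feed it via "-rand"), as an added example that is not part of the original thread. The function names and file paths are hypothetical, and `openssl genrsa` is only one of the commands that accept `-rand`.

```shell
#!/bin/sh
# Added example; seed_from_device and gen_key_with_seed are hypothetical names.

# seed_from_device SOURCE NBYTES OUTFILE
# Read exactly NBYTES from SOURCE into OUTFILE (owner-only permissions).
# Returns non-zero if the source yields fewer bytes than requested.
seed_from_device() {
    dev=$1; nbytes=$2; out=$3
    [ -r "$dev" ] || { echo "cannot read $dev" >&2; return 1; }
    (
        umask 077            # seed file readable by its owner only
        rm -f "$out"         # recreate the file so the umask applies
        # bs=1 makes count an exact byte count even when the device
        # returns short reads; dd stops by itself, so no EOF is needed.
        dd if="$dev" of="$out" bs=1 count="$nbytes" 2>/dev/null
    ) || return 1
    got=$(wc -c < "$out" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        echo "short read: got $got of $nbytes bytes" >&2
        rm -f "$out"
        return 1
    fi
}

# gen_key_with_seed SEEDFILE KEYFILE
# Feed the bounded seed file to OpenSSL via -rand, then remove it.
gen_key_with_seed() {
    seed=$1; key=$2
    openssl genrsa -rand "$seed" -out "$key" 2048
    rc=$?
    rm -f "$seed"
    return $rc
}

# Example use (blocks until /dev/random has delivered all 2048 bytes):
#   seed_from_device /dev/random 2048 ./seed.bin &&
#       gen_key_with_seed ./seed.bin ./key.pem
```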