F. wrote:
> If the true random generator is in /dev/random, and I want to use only this
> device for random data using openssl.cnf:
> RANDFILE              = /dev/random
>
> Is this correct?
>   

This is nearly correct. OpenSSL will read 2048 bytes from it
(2048 is hardcoded for device files to avoid endless loops, seems my
statement below was not completely up-to-date).
The first attempt to generate a pseudo random number will however
still read an additional amount of bytes from /dev/urandom.

Best regards,
    Lutz
>
> On Fri, 19-09-2008 at 23:21 +0200, Gerd Schering wrote:
>>> Yes, it is sufficient. Please note that a source not having a definite
>>> EOF (End Of File) will lead to an infinite loop reading from the source.
>>> It may therefore be necessary to read a specified amount of entropy
>>> first into an intermediate file to be fed via "-rand".
>>>
>> So, if I get it right: we have a "true" random source to seed the PRNG
>> and this produces "true" random numbers?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
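
The intermediate-file approach from the quoted advice above (read a fixed amount from a device that has no EOF, then feed the file via "-rand"), as an added example that is not part of the original thread. The function names, the file paths and the choice of `openssl genrsa` as the consumer are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: take a bounded seed from a device that never returns EOF.

# make_seed_file SOURCE NBYTES OUTFILE   (hypothetical helper name)
# Copies exactly NBYTES from SOURCE into a new, owner-only OUTFILE.
make_seed_file() {
    seed_src=$1; seed_len=$2; seed_out=$3
    case $seed_len in
        ''|*[!0-9]*) echo "byte count must be a number" >&2; return 2 ;;
    esac
    [ "$seed_len" -gt 0 ] || { echo "byte count must be > 0" >&2; return 2; }
    [ -r "$seed_src" ] || { echo "cannot read $seed_src" >&2; return 1; }
    # Refuse to reuse an existing path or symlink: its permissions and target
    # are not under our control.
    [ ! -e "$seed_out" ] && [ ! -L "$seed_out" ] || {
        echo "$seed_out already exists" >&2; return 1; }
    # umask 077 in a subshell: the file is created with mode 0600 and the
    # caller's umask is left alone. bs=1 makes every read one byte, so a short
    # read from the device cannot leave the file smaller than requested.
    ( umask 077
      dd if="$seed_src" of="$seed_out" bs=1 count="$seed_len" 2>/dev/null
    ) || return 1
    # Confirm the size before anything consumes the file.
    seed_got=$(wc -c < "$seed_out" | tr -d ' ')
    [ "$seed_got" -eq "$seed_len" ] || { rm -f "$seed_out"; return 1; }
}

# genkey_with_seed SEEDFILE KEYFILE   (hypothetical helper name)
# Feeds the seed file via "-rand". Per the reply above, the first PRNG use
# still reads from /dev/urandom as well, so the file adds seed material
# rather than replacing the default source.
genkey_with_seed() {
    openssl genrsa -rand "$1" -out "$2" 2048
}

# Direct use: sh seed.sh /dev/random 2048 ./seed.bin
if [ "$#" -eq 3 ]; then
    make_seed_file "$1" "$2" "$3"
fi
```

Delete the seed file once the key has been generated; reading /dev/random may block on kernels that wait for entropy.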