Hey guys, I need to generate random data (for keys, IVs etc.) but I can't seem to find the right way to do it.
Here is the background - I am developing my server in c/c++ on windows using visual studio and am using the openssl1.0.1c library. I was reading the documentation for random data generation using openssl at http://www.openssl.org/docs/crypto/RAND_add.html# and stumbled onto the following - " OpenSSL makes sure that the PRNG state is unique for each thread. O*n systems that provide /dev/urandom, the randomness device is used to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(), RAND_egd(3)<http://www.openssl.org/docs/crypto/RAND_egd.html#>or RAND_load_file(3) <http://www.openssl.org/docs/crypto/RAND_load_file.html#>. * RAND_seed() is equivalent to RAND_add() when *num == entropy*. RAND_event() collects the entropy from Windows events such as mouse movements and other user interaction. It should be called with the *iMsg*, * wParam* and *lParam* arguments of *all* messages sent to the window procedure. It will estimate the entropy contained in the event message (if any), and add it to the PRNG. The program can then process the messages as usual. The RAND_screen() function is available for the convenience of Windows programmers. It adds the current contents of the screen to the PRNG. For applications that can catch Windows events, seeding the PRNG by calling RAND_event() is a significantly better source of randomness.* It should be noted that both methods cannot be used on servers that run without user interaction. * " Now, my server does run in an unattended mode so I guess I cannot use the Rand_event() and Rand_screen() methods. How do I securely use the Rand_bytes() method on Windows? I don't already have a file with entropy so RAND_load_file() is out of question and the links on the documentation page for EGD seem to not have an EGD that is supported on Windows. How do I make sure that it is seeded with enough entropy? Any help is appreciated... Regards, Web developer
