At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:
The core question is what [it] takes to port it to an embedded system.
FWIW: my number one worry about porting SSL to an embedded system is where
I get my entropy. Because my company sells embedded OS's to end
developers, I need a general solution
Lee,
unpredictable random numbers required for SSL client to set
pre-master secret, client key exchange message, RSA mode.
One can run a reverse solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)
would
04, 2001 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Embedded SSL and randomness
On Fri, 4 May 2001, Dilkie, Lee wrote:
It is critical to get the initial seed with as much entropy as possible
Yes, it's the traditional way to keep OpenSSL's PRNG happy.
However, a random inside server hello is sent in the clear
and it may be appropriate to use low-quality clock-based source here.