On Tue, Feb 08, 2000 at 01:25:58PM -0800, Yoram Meroz wrote:
> -- In md_rand.c the function ssleay_rand_bytes() returns an error if the
> random number generator had been seeded with less than 128 bits. Where does
> this number come from?

2^7. :)

128 bits is what you usually use as the minimum key size for symmetric
ciphers, so it wouldn't make much sense to generate keys with less
entropy.

> -- It isn't easy to generate 128 random bits on a typical desktop machine
> without some explicit user input. What do commercial browsers (Netscape, IE)
> supporting SSL do to initialize their random number generators?

I don't know what commercial browsers do, but the RAND_add() manual
page contains a reference to a document describing sources of
randomness and suggests a method to be used on Windows desktop
machines.

Without user input you have a problem if your OS doesn't provide a
random device.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
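
The seeding rule discussed in this message, as an added example that is not part of the original mail and is not OpenSSL code: a toy pool that credits caller-estimated entropy and refuses to produce bytes until 128 bits have been credited. All names (pool_add, pool_bytes, try_key), the sample values and the 4-bit timestamp estimate are assumptions, and the mixing function is for illustration only, not a secure generator.

```c
#include <stddef.h>
#include <stdint.h>

#define ENTROPY_NEEDED_BITS 128.0 /* threshold discussed in the thread */

/* Toy pool, hypothetical names: not OpenSSL code and not a secure PRNG. */
struct pool { uint64_t s[2]; double entropy_bits; };

/* Constructed stand-in for 16 bytes read from an OS random device. */
static const unsigned char OS_SEED[16] = {
    0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xd4, 0x6b, 0xf2,
    0x1d, 0xa0, 0x47, 0x9e, 0xc3, 0x75, 0x2f, 0xb8 };

static uint64_t mix64(uint64_t x) { /* splitmix64 finalizer, illustration only */
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Mix in len bytes and credit the caller's entropy estimate, capped at
 * 8 bits per byte so an inflated claim cannot unlock the generator. */
void pool_add(struct pool *p, const void *buf, size_t len, double est_bits) {
    const unsigned char *b = buf;
    double cap = 8.0 * (double)len;
    for (size_t i = 0; i < len; i++)
        p->s[i & 1] = mix64(p->s[i & 1] ^ p->s[~i & 1] ^ b[i]);
    if (est_bits < 0.0) est_bits = 0.0;
    p->entropy_bits += est_bits > cap ? cap : est_bits;
}

int pool_status(const struct pool *p) {
    return p->entropy_bits >= ENTROPY_NEEDED_BITS;
}

/* Returns 1 on success, 0 (out untouched) while the pool is under-seeded. */
int pool_bytes(struct pool *p, unsigned char *out, size_t len) {
    if (!pool_status(p)) return 0; /* caller must treat this as fatal */
    for (size_t i = 0; i < len; i++) {
        p->s[0] = mix64(p->s[0] + p->s[1] + 1);
        p->s[1] = mix64(p->s[1] ^ p->s[0]);
        out[i] = (unsigned char)(p->s[1] >> 56);
    }
    return 1;
}

/* Seed with a timestamp (8 bytes, credited as 4 bits) plus the caller's
 * seed, then try to draw a 128-bit key. Returns pool_bytes()'s result. */
int try_key(const void *seed, size_t len, double est_bits) {
    struct pool p = {{0, 0}, 0.0};
    unsigned char key[16];
    uint64_t timestamp = 949958758u; /* constructed sample value */
    pool_add(&p, &timestamp, sizeof timestamp, 4.0);
    pool_add(&p, seed, len, est_bits);
    return pool_bytes(&p, key, sizeof key);
}
```

The byte count of a seed says little about its entropy: the timestamp alone never unlocks the pool, and a 2-byte seed claiming 128 bits is capped at 16.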