> There should be some workaround for systems without /dev/urandom !
I posted a pointer to a to a secure random mechanism which is portable and
does not rely on the user input and because of the continuous number of
complaints on the subject, I am quite surprised that no one asked for this
or a similar mechanism to be integrated into OpenSSL.
This random number package, called librand, is based on event interval
variations:
ftp://ftp.research.att.com/dist/mab/librand.shar
On the same idea, I also have a variation of this mechanism only based on
threads. The code is written for Win32 but I gess it could be ported for
unix quite easily. I copy the source code at the end of this message in the
event that somoen is interested.
Remarque: if it would be for Windows only, a loop on the
GetPerformanceCounter as proposed in a previous post (without sleep) say 20
times should also do the trick.
Nicolas Roumiantzeff.
/* "spinners" */
#include <windows.h>
#include <rand.h>
typedef struct
{
volatile long lTimes;
volatile unsigned long ulCounter;
CRITICAL_SECTION sCriticalSection;
} WHEEL;
static DWORD WINAPI SpinnerThread (LPVOID pWheel)
{
WHEEL* spWheel = (WHEEL*) pWheel;
while (spWheel->lTimes > 0)
{
spWheel->ulCounter++;
}
return 0;
}
static DWORD WINAPI SelectorThread (LPVOID pWheel)
{
WHEEL* spWheel = (WHEEL*) pWheel;
Sleep (100);
{
unsigned long ulCounter = spWheel->ulCounter;
EnterCriticalSection (&spWheel->sCriticalSection);
RAND_seed ((unsigned char *) &ulCounter, sizeof (ulCounter));
LeaveCriticalSection (&spWheel->sCriticalSection);
InterlockedDecrement ((long*) &spWheel->lTimes);
}
return 0;
}
void SecureRandomSpin (int nTimes) /* typically called with nTimes=20 */
{
WHEEL sWheel;
sWheel.lTimes = nTimes;
sWheel.ulCounter = 0;
InitializeCriticalSection (&sWheel.sCriticalSection);
if (nTimes > 0)
{
DWORD dwThreadId = 0;
HANDLE hThreadSpinner = CreateThread (0, 0, SpinnerThread, &sWheel, 0,
&dwThreadId);
if (hThreadSpinner)
{
HANDLE ahThreadSelectors [100];
int iSelector;
if (nTimes >= sizeof (ahThreadSelectors) / sizeof (ahThreadSelectors
[0]))
{
nTimes = sizeof (ahThreadSelectors) / sizeof (ahThreadSelectors [0]);
}
for (iSelector = 0; iSelector < nTimes; iSelector++)
{
ahThreadSelectors [iSelector] = CreateThread (0, 0, SelectorThread,
&sWheel, 0, &dwThreadId);
}
WaitForMultipleObjects (nTimes, ahThreadSelectors, TRUE, INFINITE);
for (iSelector = 0; iSelector < nTimes; iSelector++)
{
CloseHandle (ahThreadSelectors [iSelector]);
}
WaitForSingleObject (hThreadSpinner, INFINITE);
CloseHandle (hThreadSpinner);
}
}
DeleteCriticalSection (&sWheel.sCriticalSection);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
