On Thu, Apr 13, 2000 at 07:40:05AM +1000, Damien Miller wrote:
> On Wed, 12 Apr 2000, Richard Levitte - VMS Whacker wrote:
>>> This violates the "principle of least suprise". The -rand parameter
>>> should either stop reading after a sufficient number of bytes or be
>>> properly documented in gendsa.1.
>> Hmm, define "sufficient". In OpenSSL, it's "whatever the user wants
>> to throw at me, I'll eat until it stops". /dev/urandom hardly ever
>> stops :-)...
> Data greater than md_rand.c's STATE_SIZE is going to be wasted.
Not "wasted", but "condensed". The files named in -rand may have low
entropy density, but be very long -- a method for creating your
initial .rnd file is to concatenate the output of "ls -lR $HOME",
"ps -Alf", "who", "last", various logfiles, your mailbox, "xwd -root"
and so on, and then run "openssl rand -rnd long_file 0".
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
