Lutz Jaenicke <[EMAIL PROTECTED]>:
>> After the initial minimum seeding, one should always add at least 1024
>> seed bytes (possibly of worse quality) so that the randomness pool
>> gets completely 'stirred'. Use RAND_add with zero entropy count if
>> your randomness source is particularly suspicious (e.g. a fixed
>> 'randomness' file created at program installation).
> My preferred technique of doing this is saving 1024 bytes from the old
> process and reading it (back) into the PRNG upon restart; then add more
> entropy from EGD.
Because of the specific implementation of the OpenSSL PRNG, it might
be a bit better to switch the order: then the good entropy from EGD
leaves traces in all of the randomness pool when you're adding the
1024 bytes from the old process.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
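
An added illustration, not part of the original message and not OpenSSL's code: a simplified C model of a pool PRNG that mixes input in 20-byte steps through a chained digest, used to count how many pool bytes end up depending on the EGD bytes in each seeding order. The pool size, step size, toy non-cryptographic hash and all sample data are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POOL 1023 /* pool size in this model (assumption) */
#define DIG 20    /* bytes mixed in per step (assumption) */
typedef struct { uint8_t pool[POOL], md[DIG]; size_t idx; } toy_prng;

/* Non-cryptographic stand-in for a real hash: FNV-1a plus a final mix. */
static void toy_digest(uint8_t out[DIG], const uint8_t *in, size_t n) {
    for (size_t i = 0; i < DIG; i++) {
        uint64_t h = 1469598103934665603ULL + i;
        for (size_t j = 0; j < n; j++) { h ^= in[j]; h *= 1099511628211ULL; }
        h ^= h >> 29; h *= 0xBF58476D1CE4E5B9ULL; out[i] = (uint8_t)(h ^ (h >> 32));
    }
}

/* Mix len bytes in, DIG at a time: md = H(md, pool slice, input), pool ^= md. */
static void toy_add(toy_prng *p, const uint8_t *buf, size_t len) {
    while (len > 0) {
        size_t n = len < DIG ? len : DIG;
        uint8_t blk[3 * DIG];
        memcpy(blk, p->md, DIG);
        for (size_t k = 0; k < n; k++) blk[DIG + k] = p->pool[(p->idx + k) % POOL];
        memcpy(blk + DIG + n, buf, n);
        toy_digest(p->md, blk, DIG + 2 * n);
        for (size_t k = 0; k < n; k++) p->pool[(p->idx + k) % POOL] ^= p->md[k];
        p->idx = (p->idx + n) % POOL; buf += n; len -= n;
    }
}

/* Seed two pools that differ only in 32 "EGD" bytes; count differing pool bytes. */
static int pool_bytes_affected(int egd_first) {
    uint8_t saved[1024], egd[2][32]; /* all sample data below is constructed */
    toy_prng p[2]; int diff = 0;
    for (size_t i = 0; i < sizeof saved; i++) saved[i] = (uint8_t)(i * 7 + 3);
    memset(egd[0], 0x11, 32); memset(egd[1], 0xEE, 32);
    for (int r = 0; r < 2; r++) {
        memset(&p[r], 0, sizeof p[r]);
        if (egd_first) toy_add(&p[r], egd[r], 32);
        toy_add(&p[r], saved, sizeof saved);
        if (!egd_first) toy_add(&p[r], egd[r], 32);
    }
    for (size_t i = 0; i < POOL; i++) diff += p[0].pool[i] != p[1].pool[i];
    return diff;
}

int main(void) {
    printf("EGD last: %d/%d pool bytes depend on it; EGD first: %d/%d\n",
           pool_bytes_affected(0), POOL, pool_bytes_affected(1), POOL);
    return 0;
}
```

In this model the EGD bytes touch at most 32 pool bytes when added last, and nearly the whole pool when the 1024 saved bytes are added after them.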