From: Ian Upright <[EMAIL PROTECTED]>

ian-list> I'm primarily looking for an implementation of an entropy
ian-list> gathering daemon for the Windows platform, written in C or
ian-list> some other compiled language, not perl.

There was a small program called prngd announced here not long ago.
It is currently Unix-oriented and creates a named socket that anyone
can read random bytes from.  IIRC, there's a feature called "named
pipe" on Windows that works in a somewhat similar fashion?

ian-list> I'm wondering if anyone has integrated OpenSSL to work with
ian-list> the entropy gathering daemon called Yarrow.
ian-list> http://www.counterpane.com/yarrow.html

OpenSSL is designed to work with any seeding daemon through a named
socket.  Basically, the named socket is connected to and read from
like any socket.

ian-list> I'd like to use it to seed OpenSSL on Windows.  The neat
ian-list> thing about it is that it seems to use some shared memory
ian-list> technique that reduces (eliminates?) the possibility of the
ian-list> entropy data/seeds getting written to disk, and only exist
ian-list> in ram.  If an entropy gathering daemon was used over a
ian-list> TCP/IP socket, would it have a greater possibility of
ian-list> getting swapped to disk?

I doubt that.  I don't think I've yet seen a TCP/IP buffer that is in
pageable or swappable memory.  It's quite a bit different if we talk
about shared ram, which might be swappable if you don't pay attention
to details.

ian-list> Has anyone implemented an entropy daemon on Windows that uses
ian-list> Yarrow internally?  Has anyone modified OpenSSL to directly
ian-list> support Yarrow?

If the entropy daemon under Windows is implemented to create a named
pipe and OpenSSL is modified to use named pipes under Windows, I don't
see a problem.

I've been looking into Yarrow for possible implementation directly in
OpenSSL, but it has pretty low priority in my list of things to do.

ian-list> Any other ideas on providing better random seeds for OpenSSL
ian-list> on a single user Windows machine?

Better than what?  If you look at the latest few snapshots, you will
see that an effort has been made to bring better seeding to the
Windows platform, made according to recommendations by Peter Gutmann.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
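
The "connect to the named socket and read" exchange described in the reply above, as an added example that is not part of the original message or of OpenSSL's code. It assumes the seeding daemon speaks the EGD wire protocol (command 0x01, non-blocking read), which the message does not spell out; the function names and the socket path are placeholders.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Read exactly n bytes; EOF or error before that is a failure. */
static int read_full(int fd, unsigned char *p, size_t n) {
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Connect to the daemon's named (Unix-domain) socket; returns fd or -1. */
int egd_connect(const char *path) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };  /* rest zeroed */
    int fd;
    if (strlen(path) >= sizeof sa.sun_path) return -1;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* EGD non-blocking read (assumed protocol): send {0x01, want}; the reply is
 * one length byte n (0..want) followed by n bytes. Returns n, or -1 on error. */
int egd_read_nonblock(int fd, unsigned char *out, unsigned char want) {
    unsigned char req[2] = { 0x01, want }, n;
    if (write(fd, req, 2) != 2) return -1;
    if (read_full(fd, &n, 1) < 0) return -1;
    if (n > want) return -1;   /* fewer is allowed, more is a protocol error */
    if (n > 0 && read_full(fd, out, n) < 0) return -1;
    return n;
}

int main(int argc, char **argv) {
    unsigned char buf[32];
    /* Placeholder path; pass the daemon's real socket path as argv[1]. */
    int fd = egd_connect(argc > 1 ? argv[1] : "/path/to/entropy-socket");
    int n = fd < 0 ? -1 : egd_read_nonblock(fd, buf, sizeof buf);
    if (fd >= 0) close(fd);
    printf("seed bytes received: %d\n", n);  /* n > 0: hand buf to RAND_seed() */
    return n > 0 ? 0 : 1;
}
```

A return of 0 means the daemon had no entropy ready; the caller should treat that the same as an unreachable daemon and not consider the PRNG seeded.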
