On Nov 20, 3:03pm, Richard Levitte - VMS Whacker wrote:
> From: Gotz Babin-Ebell <[EMAIL PROTECTED]>
>
> babinebell> is there a way to ask the random engine about how much
> babinebell> randomness it contains? RAND_status() returns 1 if the
> babinebell> random pool contains at least 20 bytes (ENTROPY_NEEDED
> babinebell> in rand_lcl.h).
> babinebell>
> babinebell> That is OK for SSL handshake, but for asymmetric key
> babinebell> generation we need a lot more entropy.
>
> The 20 bytes minimum is the needed amount of seeding to get secure
> enough random numbers from the pool. Each time you fetch random
> bytes, the pool is remixed, thus providing for more random bytes.

However, it would also be helpful for randomness _sources_ to know how
much more randomness is needed. It can be a scarce resource, after all.

> Unless you find it worrying that we ask of only 20 bytes minimum of
> seeding, you should be without problems.

Being able to check exactly how much has been seeded would also be
helpful for applications for which one does _not_ regard 20 bytes as
sufficient (e.g., key generation for large, long-term-used keys).

-Allen

--
Allen Smith [EMAIL PROTECTED]
September 11, 2001 A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
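Added example, not part of the original message and not OpenSSL code: an application-side ledger that records the entropy estimates it passes to a seeding function shaped like `RAND_add(buf, num, randomness)`, so the application can enforce its own threshold and tell a source how much is still needed. The names `entropy_ledger`, `ledger_*` and `counting_sink` are hypothetical; the ledger sees only what the application itself feeds in, not what the library gathers on its own.

```c
#include <stddef.h>

/* Same shape as OpenSSL's RAND_add(buf, num, randomness); the last
   argument is the caller's entropy estimate in bytes. */
typedef void (*seed_fn)(const void *buf, int num, double entropy);

/* Hypothetical application-side ledger (not an OpenSSL structure). */
struct entropy_ledger {
    seed_fn sink;     /* where seed material is forwarded, e.g. RAND_add */
    double credited;  /* sum of estimates this application has fed in */
    double required;  /* the application's own threshold, in bytes */
};

void ledger_init(struct entropy_ledger *l, seed_fn sink, double required)
{
    l->sink = sink;
    l->credited = 0.0;
    l->required = required;
}

/* Forward seed material and record the estimate. Returns 0 on success,
   -1 on bad input. The estimate is clamped to [0, num] because a buffer
   cannot carry more entropy than its length; NaN is treated as 0. */
int ledger_add(struct entropy_ledger *l, const void *buf, int num, double est)
{
    if (buf == NULL || num <= 0)
        return -1;
    if (!(est >= 0.0)) est = 0.0;
    if (est > (double)num) est = (double)num;
    l->sink(buf, num, est);
    l->credited += est;
    return 0;
}

/* Bytes of entropy a source still has to supply (0 when satisfied). */
double ledger_shortfall(const struct entropy_ledger *l)
{
    double d = l->required - l->credited;
    return d > 0.0 ? d : 0.0;
}

/* 1 once the application's threshold is met, so key generation may run. */
int ledger_ready(const struct entropy_ledger *l)
{
    return ledger_shortfall(l) == 0.0;
}

/* Constructed stand-in sink so the example runs without libcrypto. */
int forwarded_bytes;
void counting_sink(const void *buf, int num, double entropy)
{
    (void)buf; (void)entropy;
    forwarded_bytes += num;
}
```

In a real program the sink would be `RAND_add` itself, and `RAND_status()` would still be checked alongside `ledger_ready()`.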