Hi Thomas,

Looking at the latest SRP patch [1], I noticed the use of RAND_pseudo_bytes. I believe RAND_pseudo_bytes is sufficient for salts and other public values. But it does appear that RAND_pseudo_bytes is being used for keying material at lines 3171 and 3187. The bytes acquired at 3171 and 3187 are then used to generate A's and B's key pairs.

According to the OpenSSL documentation on RAND_pseudo_bytes [2], RAND_pseudo_bytes might not be suitable for keying material: "RAND_pseudo_bytes() will be unique if they are of sufficient length, but are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc." I understand the documentation is not always up to date (the dev team is usually busy doing what they do best - developing), so I might be wrong on the use of RAND_pseudo_bytes.

Jeffrey Walton

[1] http://rt.openssl.org/Ticket/Attachment/25682/12416/srp-openssl-20100208-patch.txt
[2] RAND_bytes, http://www.openssl.org/docs/crypto/RAND_bytes.html