On 10/10/2012 12:37 PM, Vladimir Belov wrote:
I mean the following: RAND_poll is called only once and stirring of
the pool is done only once. After these operations no more data is
added to the global state buffer. The global state buffer is only 1023
bytes long, and although the data is always mixed by md5 and XORed, we
have only 1023 bytes of real random data, nothing more.
For example, I have a server application that accepts SSL connections
and runs for a very long time (24/7). I think that after getting tens of
thousands of random bytes with RAND_bytes, the data will be much worse, not
cryptographically secure. So what is the number of bytes we
can safely get with RAND_bytes before it starts giving data that is no
longer cryptographically secure?
Knowing this number we can call RAND_poll once again or RAND_seed with
our good random data, and maybe we must also stir the pool again.
I will be very grateful for responses and further discussion.
Regards,
Vladimir.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
The CTR-DRBG algorithm from NIST Special Publication 800-90, when
implemented with AES-128, has only 256 bits of state, and yet the
required reseed interval is 2^48 requests and each request can deliver
up to 2^19 bits (64K bytes). This does not prove anything about the
quality of the RNG in OpenSSL; it only shows that with a proper
algorithm 8K bits (1K bytes) is more than enough to work without
reseeding for an incredibly long time.
--David Jacobson
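
An added example illustrating the reply's point (not code from this thread or from OpenSSL): an HMAC_DRBG from SP 800-90A, used here in place of CTR-DRBG because Python's standard library has no AES. It keeps a fixed 64-byte state and enforces the 2^48-request and 2^19-bit limits cited above; the class, method and parameter names are assumptions made for this example.

```python
import hashlib
import hmac

MAX_REQUEST_BYTES = 2**19 // 8   # 2^19 bits per request, as cited in the reply
RESEED_INTERVAL = 2**48          # requests allowed between reseeds, as cited


class ReseedRequired(Exception):
    """Raised when the request counter passes the reseed interval."""


class HmacDrbg:
    """HMAC_DRBG (SHA-256) per SP 800-90A: 64 bytes of state plus a counter."""

    def __init__(self, entropy: bytes, nonce: bytes = b"",
                 reseed_interval: int = RESEED_INTERVAL):
        self.key = b"\x00" * 32
        self.v = b"\x01" * 32
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce)
        self.reseed_counter = 1

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # Mix optional input into the state; the state size never changes.
        self.key = self._mac(self.v + b"\x00" + provided)
        self.v = self._mac(self.v)
        if provided:
            self.key = self._mac(self.v + b"\x01" + provided)
            self.v = self._mac(self.v)

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        if n > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds 2^19 bits")
        if self.reseed_counter > self.reseed_interval:
            raise ReseedRequired("reseed before generating more output")
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self._update()            # step the state so earlier output cannot be recomputed
        self.reseed_counter += 1
        return out[:n]
```

The limit is counted in generate requests, not in bytes drawn, and the state stays at 64 bytes no matter how much output is produced.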