On Tue, Oct 12, 1999 at 11:43:01AM -0300, Miguel Angel Fraga wrote:
>> OpenSSL does not contain a "RNG". It uses a cryptographic PRNG, which
>> you as the application programmer have to initialize by calling
>> RAND_seed() with appropriate input.
>> In the case of Windows, one method for creating such input is to ask
>> the user to move the mouse and use the coordinates of the
>> WM_MOUSEMOVE messages you get and the respective system time.
> It seems to be a good choice.
> Has anyone added such a feature to RAND_seed()?
> If not, I propose to fix it for the next OpenSSL release.
The application has to take care of this, not the library. A generic
solution is not possible; e.g. for servers, you cannot expect the
mouse to move at all. The seeding that OpenSSL does automatically
suffices on certain platforms, but one should not rely on such
possibilities being available. One part of a solution for application
programs is to do what the "openssl" utility does: it expects to find
random input in a file (usually $HOME/.rnd) and writes an updated
random state back later.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
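
The seed-file approach described in the reply above, as an added example that is not part of the original message or OpenSSL's own code. It drives OpenSSL's PRNG through Python's ssl bindings (RAND_add, RAND_bytes, RAND_status) on a POSIX system; load_seed, save_seed, SEED_LEN and the file path are hypothetical names chosen for this illustration.

```python
import os
import ssl
import stat
import tempfile

SEED_LEN = 1024  # bytes kept in the seed file (assumed size for this example)


def load_seed(path):
    """Mix a private seed file into OpenSSL's PRNG; return bytes mixed in."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return 0  # missing file or symlink: nothing is mixed in
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        # Trust only a regular file we own that no one else can read or write.
        if (not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid()
                or st.st_mode & 0o077):
            return 0
        data = f.read(SEED_LEN)
    if data:
        ssl.RAND_add(data, float(len(data)))
    return len(data)


def save_seed(path):
    """Write fresh PRNG output back so the next run starts from new state."""
    if not ssl.RAND_status():
        raise RuntimeError("PRNG not seeded; refusing to write a weak seed file")
    data = ssl.RAND_bytes(SEED_LEN)
    # mkstemp creates the file with mode 0600; replace() swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(data)


if __name__ == "__main__":
    demo = os.path.join(tempfile.mkdtemp(), ".rnd")  # constructed path
    save_seed(demo)
    print(load_seed(demo), ssl.RAND_status())
```

Calling save_seed right after load_seed at startup, and again at shutdown, keeps the same file contents from being reused if the process dies before it exits cleanly.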