On Tue, Jun 20, 2000 at 01:51:34PM -0400, Bill Rebey wrote:
> Thanks for pointing this out. Like I said, I knew the array would probably
> contain 64 instances of the same values, but I didn't know it was so
> terrible, largely because I don't even understand what the big pool of data
> is really used for.
>
> You seem to have some legitimate insight into the random number generator.
> I know this isn't a classroom session, but could you spare a few minutes to
> tell me why we use these large pools of data to seed the RNG? I'm just
> mimicking the behavior of example code that I find in various places, as
> there seems to be no documentation about how any of this is supposed to work
> or how the seed is used, etc.
There is some amount of documentation available in the good old
doc/ssleay.txt. EAY was proud of his PRNG and added a detailed description
to this file.
> Is it any better to use 64 longs to seed the RND than it is to use 1 or 5
> longs?
The question is not the amount of data, it is the amount of "unpredictability".
From the PRNG the random numbers used to encrypt the session are generated
(and even the secret keys).
Your seed contains just the actual time. I can easily guess this value
(provided your clock is well synchronized), feed my identical PRNG
engine with the same value and guess your secrets!! The same holds when
you seed the PRNG with 64 times the same value, I can still predict it.
If you want to make my life hard, you must seed values that I cannot
predict. Say, you have a standard UNIX machine. Most (all?) UNIX machines
use increasing process numbers, so these numbers are not so difficult to
"guess". The actual time is easily guessed, as is the computer time used
up by your process (times()), since I might have the same computer and
simply try :-)
On the other hand, if you seed your complete maillog on a busy server,
that is hard for me to simulate. It contains timestamps, process numbers,
Message-IDs, message sizes, so if you seed the log of several hundred
emails, I will have a hard time coming near to the PRNG state and must
spend my time trying. That is what you want to achieve. It must be as hard
as possible for me to guess your PRNG state (and/or your seed).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
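To make the argument above concrete, here is an added illustration that is not part of the thread and not OpenSSL's RAND code: a toy deterministic generator seeded only with the clock (once, or as 64 copies of the same value), and the small clock search that recovers its seed from one observed output. The generator, the constructed timestamp and the search window are assumptions; only the seed's unpredictability matters, not how many bytes it occupies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed stand-in for "my identical PRNG engine": FNV-1a folds the seed
   bytes into a state, splitmix64 produces outputs. Not OpenSSL's PRNG. */
static uint64_t mix_seed(const unsigned char *buf, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= buf[i]; h *= 0x100000001b3ULL; }
    return h;
}
static uint64_t next_out(uint64_t *state) {
    uint64_t z = (*state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}
/* First output after seeding with `copies` (1..64) copies of one time_t:
   the "64 longs" of the thread carry no more entropy than the one clock value. */
uint64_t first_output_from_time(time_t t, int copies) {
    unsigned char buf[64 * sizeof(time_t)];
    if (copies < 1) copies = 1;
    if (copies > 64) copies = 64;
    for (int i = 0; i < copies; i++) memcpy(buf + i * sizeof(t), &t, sizeof(t));
    uint64_t st = mix_seed(buf, copies * sizeof(t));
    return next_out(&st);
}
/* The guess from the mail: knowing the seed was the clock, try every second
   within +/- window of an approximate time. Returns the number of guesses
   needed, or -1 if the true clock lay outside the window. */
long recover_seed_time(uint64_t observed, time_t approx, int window,
                       int copies, time_t *found) {
    long guesses = 0;
    for (time_t t = approx - window; t <= approx + window; t++) {
        guesses++;
        if (first_output_from_time(t, copies) == observed) { *found = t; return guesses; }
    }
    return -1;
}
int main(void) {
    time_t victim_clock = 961523494;   /* constructed: around the date of the mail */
    uint64_t leaked = first_output_from_time(victim_clock, 64);
    time_t found;
    long n = recover_seed_time(leaked, victim_clock + 7, 30, 64, &found);
    printf("seed time %ld recovered after %ld guesses; 64 copies did not help\n",
           (long)found, n);
    /* A seed built from several hundred maillog lines offers no such short list to try. */
    return 0;
}
```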