> -----Original Message-----
> From: Miha Wang [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 22, 2000 2:03 PM
> To: [EMAIL PROTECTED]
> Subject: RE: having trouble with RAND_egd()
>
>
> I have just worked out this problem without /dev/rand and egd on
> my system. Here are the steps you need:
>
> - Create a file with large size of random data, e.g:
> cat /var/log/syslog > /home/xxx/.rnd
"cat /var/log/syslog > /home/xxx/.rnd" (besides being a questionable use of
the cat command) does not "create a file with large size of random data",
unless you have a very peculiar system. /var/log/syslog does not generally
contain any random data, much less lots of it; indeed, its entropy bit rate
is low, so it isn't even an efficient source for distilling entropy.
You'd likely be better off with "cat > /home/xxx/.rnd" (or "cat > ~/.rnd",
or the variant of your choice) and pressing keys at random for a while.
Arguably, the seed for your PRNG doesn't have to be very good if the PRNG
has sufficient confusion - if, for example, it pre-processes the seed with a
cryptographic hash so small seed differences produce significant
unpredictable differences in the output. (See today's BUGTRAQ note from
John Viega on his conversations with John Kelsey about this; it's very
important that the hash function be good.) Making the PRNG seed the weak
point in your security when there are much better alternatives seems like a
poor choice, though.
Remember that historically poor PRNG seeding has been one of the classic
faults in SSL use. There's a reason (discussed ad nauseam on openssl-users)
why OpenSSL now tries to get a decent entropy source. Fooling it is not the
best policy.
Michael Wojcik [EMAIL PROTECTED]
MERANT
Department of English, Miami University
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
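An added illustration of the point made above, not part of the original thread: a quick check that shows why a syslog file is a poor seed (low entropy rate and highly repetitive) compared with the kernel entropy source, plus the hash pre-processing step the reply mentions. The sample log lines are constructed, the thresholds are this example's own choices, and none of it is OpenSSL's own seeding code.

```python
import hashlib
import math
import os
import zlib
from collections import Counter

# Constructed syslog-style sample (not from any real host). A real log is
# bigger, but just as repetitive and, worse, largely guessable by others.
SYSLOG_SAMPLE = b"".join(
    b"Aug 22 14:%02d:01 host CRON[%d]: (root) CMD (run-parts /etc/cron.hourly)\n"
    % (m, 1000 + m)
    for m in range(20)
)

def kernel_entropy(n: int = 8192) -> bytes:
    """What you should seed from instead: the kernel CSPRNG (/dev/urandom)."""
    return os.urandom(n)

def shannon_bits_per_byte(data: bytes) -> float:
    """Zero-order (single-byte frequency) entropy: an upper bound on the rate."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def compression_bits_per_byte(data: bytes) -> float:
    """Compressibility as a second upper bound; DEFLATE sees repeated lines
    that a byte-frequency count cannot."""
    return min(8.0, 8.0 * len(zlib.compress(data, 9)) / len(data))

def seed_rate_estimate(data: bytes) -> float:
    """Conservative estimate: the smaller of the two upper bounds."""
    return min(shannon_bits_per_byte(data), compression_bits_per_byte(data))

def is_acceptable_seed(data: bytes, min_rate: float = 6.0,
                       min_total_bits: int = 256) -> bool:
    """Reject material that is low-rate or too short. Statistics cannot tell
    that a file is public or predictable, so passing is necessary, not
    sufficient; the thresholds are assumptions for this example."""
    rate = seed_rate_estimate(data)
    return rate >= min_rate and rate * len(data) >= min_total_bits

def whiten_seed(data: bytes) -> bytes:
    """Hash raw material before feeding a PRNG: small input differences spread
    over the whole output, but no entropy is created that was not there."""
    return hashlib.sha256(data).digest()

if __name__ == "__main__":
    for name, blob in (("syslog", SYSLOG_SAMPLE), ("urandom", kernel_entropy())):
        print(f"{name:8s} {seed_rate_estimate(blob):.2f} bits/byte "
              f"acceptable={is_acceptable_seed(blob)}")
```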