Continuing the debugging process yields the following:
. the value of 'entropy' is too low because RAND_add() is only
called with a non-zero 'add_entropy' parameter in two places:
- when the GlobalMemoryStatus() data is added
- when the Module Walking data from the ToolHelp32 routines
is added
. since the ToolHelp32 routines are not available on NT4, the
value of 'entropy' is only increased by 1.0 for each call to
RAND_poll(). RAND_poll() is called twice, therefore, the
value of 'entropy' when RAND_status() completes is 2.0.
Question: why is RAND_add() called so frequently with an 'add_entropy'
value of 0 in RAND_poll()?
I would assume the 'add_entropy' value is supposed to indictate the
relative strength of the entropy being passed in, but I doubt that it
should be 0.8 in most cases.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
