Bill and Lutz,
The server can just add the master secret into its RNG (along with other
entropy of course). I don't think the extra steps of having the client pass
more random bytes adds much if anything and requires this extra protocol to
support and debug.
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
> Since I am involved in using openSSL to transport a protocol
> designed within my company I have the luxury of changing the way the
> protocol behaves. I am planning to change it so that the following occurs:
> 1. Client seeds its random number generator via the screen pixels
> (via RAND_screen( ) )
> 2. Client completes an SSL connection to the server.
> 3. Client passes a 32 bytes random sequence to the server (generated
> via RAND_bytes( ) )
> 4. Server adds this seed data (via RAND_seed( ) )
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
