On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
> Solaris does not support the device /dev/urandom which is necessary to seed
> the PRNG by default.
> You can either install a package which emulates /dev/urandom or seed the
> PRNG manually by the following commands:
> 
>    unsigned char seed_buffer [1024] ;
> 
>    RAND_pseudo_bytes(seed_buffer, 1024) ;
>    RAND_seed(seed_buffer, 1024) ;
>    ...
>    RSA_generate_key(...)


This, with all due respect, is no good advice. Depending on the platform
(and maybe even compiler settings), the buffer may be memset to 0.
Generating pseudo bytes from it will mix in the PID and have the pool
mixed. That might look random, but finally (if somebody finds out your
method), the generated keys are weak.
I strongly suggest using one of the alternative PRNG sources described
in the FAQ.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
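
Added example (not part of the original thread, and not OpenSSL code): a toy C model of the objection raised in the reply above, showing that when the only varying input to the seed is the PID, every possible key can be reproduced by walking the PID range. The FNV-1a/xorshift mixer is a stand-in for the real pool, and `weak_keygen`, `candidates_until_match` and the PID ceiling of 30000 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEED_LEN 1024
#define KEY_LEN  16
#define PID_MAX_ASSUMED 30000u  /* assumption: default PID ceiling on the host */

/* Stand-in mixer (FNV-1a 64-bit). NOT OpenSSL's pool; any deterministic
 * mixing function has the same property for the purpose of this model. */
static uint64_t mix(uint64_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Models the quoted recipe in its worst case: a zero-filled buffer and
 * the PID are the only inputs that reach the generator. */
void weak_keygen(uint32_t pid, unsigned char key[KEY_LEN]) {
    unsigned char seed_buffer[SEED_LEN];
    memset(seed_buffer, 0, sizeof seed_buffer);
    uint64_t state = mix(0xcbf29ce484222325ULL, seed_buffer, sizeof seed_buffer);
    state = mix(state, (const unsigned char *)&pid, sizeof pid);
    for (size_t i = 0; i < KEY_LEN; i++) {      /* xorshift64 output stage */
        state ^= state << 13; state ^= state >> 7; state ^= state << 17;
        key[i] = (unsigned char)(state >> 32);
    }
}

/* Seed-space audit: how many candidate seeds must be tried before the key
 * is reproduced. Returns 0 if the key is not in the PID-only seed space. */
uint32_t candidates_until_match(const unsigned char target[KEY_LEN]) {
    unsigned char k[KEY_LEN];
    for (uint32_t pid = 1; pid <= PID_MAX_ASSUMED; pid++) {
        weak_keygen(pid, k);
        if (memcmp(k, target, KEY_LEN) == 0) return pid;
    }
    return 0;
}

int main(void) {
    unsigned char key[KEY_LEN];
    weak_keygen(4242, key);                     /* constructed sample PID */
    printf("128-bit key reproduced after %u of %u candidates\n",
           candidates_until_match(key), PID_MAX_ASSUMED);
    return 0;
}
```

A key that is nominally 128 bits long carries under 15 bits of entropy in this model, which is why the seed has to come from a real entropy source rather than from the generator's own output.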
