In message <[EMAIL PROTECTED]> on Sun, 19 Sep 2004 07:30:33 -0700 (PDT), Layla <[EMAIL PROTECTED]> said:
layla_a2002> I’m currently working on a project where I must implement
layla_a2002> Needham-Schroeder symmetric key security protocol. During
layla_a2002> the first message exchanged from client A to the CA
layla_a2002> server, the client must send a nonce identifier. This
layla_a2002> nonce must be a random number. I got lost trying to
layla_a2002> figure out the best way to generate a random number using
layla_a2002> OpenSSL. What form should that number have, exactly?
layla_a2002> I found the following segment:
layla_a2002>
layla_a2002> #include <openssl/rand.h>
layla_a2002>
layla_a2002> // ...
layla_a2002>
layla_a2002> unsigned char rnd[2500];
layla_a2002>
layla_a2002> RAND_pseudo_bytes(rnd,sizeof(rnd));
layla_a2002>
layla_a2002> When I ran this code and attempted to see the contents of
layla_a2002> rnd I got a non-comprehensible output, is that the way
layla_a2002> it’s supposed to be? Ciphered? Or is something wrong?

Well, you're asking for 2500 random bytes. Of course they will really
be random, so what do you expect, other than an incomprehensible
stream of bytes?

layla_a2002> On the other hand, according to the “Network Security
layla_a2002> with OpenSSL” book I must use PRNG which requires
layla_a2002> EGADS as a third party package to provide a seed to
layla_a2002> PRNG. Must I really use PRNG or is it designed for more
layla_a2002> sophisticated purposes rather than generating a nonce?

The purpose of RAND_pseudo_bytes is to give you fairly random bytes.
They are perfectly suitable for a random nonce.

layla_a2002> I’m seeking your guidance as I don’t want to end up
layla_a2002> reinventing the wheel or getting stuck in a mess that I
layla_a2002> don’t even need, to get the job done.

Well, I'm missing a description of what you really want. What's the
type of your nonce?

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte   [EMAIL PROTECTED]
                  http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
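An added example, not part of the original thread and written in Python rather than C: Python's `ssl.RAND_bytes` draws from OpenSSL's random generator, which is enough to show a fixed-size nonce for message 1 of Needham-Schroeder (A -> S: A, B, N_A), its hex form for display, and the check A makes on the nonce echoed back. The 16-byte length, the `A|B|hex` layout and every function name here are assumptions made for the illustration.

```python
import hmac
import ssl

NONCE_LEN = 16  # assumed size (128 bits); the thread does not specify one


def make_nonce(nbytes: int = NONCE_LEN) -> bytes:
    """Return nbytes from OpenSSL's random generator via ssl.RAND_bytes."""
    if not ssl.RAND_status():
        raise RuntimeError("OpenSSL PRNG is not seeded")
    return ssl.RAND_bytes(nbytes)


def build_message1(a_id: str, b_id: str, nonce: bytes) -> str:
    """Message 1 of Needham-Schroeder: A -> S: A, B, N_A.

    The 'A|B|hex(nonce)' wire layout is constructed for this example.
    """
    return "|".join((a_id, b_id, nonce.hex()))


def parse_message1(msg: str) -> tuple[str, str, bytes]:
    """Server side: split message 1 and validate the nonce field."""
    a_id, b_id, nonce_hex = msg.split("|")
    nonce = bytes.fromhex(nonce_hex)  # raises ValueError on non-hex input
    if len(nonce) != NONCE_LEN:
        raise ValueError("unexpected nonce length")
    return a_id, b_id, nonce


def reply_is_fresh(sent_nonce: bytes, echoed_nonce: bytes) -> bool:
    """A accepts the server's reply only if it echoes A's own nonce."""
    return hmac.compare_digest(sent_nonce, echoed_nonce)


if __name__ == "__main__":
    n_a = make_nonce()
    msg1 = build_message1("alice", "bob", n_a)
    print("raw bytes :", n_a)    # arbitrary byte values, not readable text
    print("message 1 :", msg1)   # the hex form is what you log or inspect
    _, _, echoed = parse_message1(msg1)
    print("fresh     :", reply_is_fresh(n_a, echoed))
```

The raw nonce prints as unreadable bytes for the same reason the 2500-byte buffer in the question did; hex encoding is only for viewing or text transport.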