In addition to RAND_screen(), you can use: RAND_event(...,...,...); but you must know that use of both functions is highly discouraged, in other words they should be your last resort.
As you can see from the construction I used, RAND_screen() was only called, if RAND_status() returned 0
And as I also stated, this I have never seen RAND_status() return 0 on Win XP.
OpenSSL is doing a good job already seeding the PRNG and only if for some reason it is not seeded already, the RAND_screen is called.
And I would say that RAND_screen is fairly much more random than time().
If you like, you could add an additional line to check if the PRNG was seeded after the RAND_screen and if not, seed it with time() or simply abort, which would probably be better than believe in something to be random, but really relies on time().
I wouldn't do much cruptography based on PRNG seeded with time()
PS
On windows I use the prebuild package from
http://www.slproweb.com/products/Win32OpenSSL.html
And I also use OpenSSL on Linux, but without this RAND_status/RAND_screen stuff ;-)
Best regards Egon Andersen
-- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
