I don't know if /dev/random is available on all Linux machines. But I think it is. But as for Windows, which does not have /dev/random, I believe OpenSSL seeds the PRNG on Windows automatically using a variety of clever ideas and sources of entropy. It is probably better than what you could come up with on your own (I would guess). For details, either dig into the OpenSSL src, or maybe one of the OpenSSL gurus can elaborate more on what is done on Win32.
BTW, I experimented with EGADS at one point...it's a total memory hog. And since I only need it once (when my app starts up) to seed the OpenSSL PRNG, I'd have to install the EGADS service, start it, seed the PRNG, then stop it (because it was hogging too much memory if I left it running). Too much work and not very elegant if you ask me. Then I found out that I didn't have to do anything on Win32 because OpenSSL did it for me.

I hope I'm correct in my statements. I'm also a relative newbie to OpenSSL.

Ed

-----Original Message-----
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: 4/7/2005 12:08 AM
Subject: Re: RAND_seed()

Layla wrote:
> In addition to RAND_screen(), you can use:
> RAND_event(...,...,...);
> but you must know that use of both functions is highly discouraged, in other words they should be your last resort.

As you can see from the construction I used, RAND_screen() was only called if RAND_status() returned 0. And as I also stated, I have never seen RAND_status() return 0 on Win XP. OpenSSL is doing a good job already seeding the PRNG, and only if for some reason it is not seeded already is RAND_screen called. And I would say that RAND_screen is fairly much more random than time().

If you like, you could add an additional line to check if the PRNG was seeded after the RAND_screen and, if not, seed it with time() or simply abort, which would probably be better than believing something to be random that really relies on time(). I wouldn't do much cryptography based on a PRNG seeded with time().

PS
On Windows I use the prebuilt package from http://www.slproweb.com/products/Win32OpenSSL.html
And I also use OpenSSL on Linux, but without this RAND_status/RAND_screen stuff ;-)

Best regards
Egon Andersen

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
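The remark in the thread that aborting is better than falling back to a time() seed, as an added example that is not part of the original messages and is not OpenSSL code: a stand-in generator (splitmix64, an assumption) seeded only with a timestamp yields a 128-bit key drawn from about 17 bits of possibilities when the start time is known to within a day. The function names and the timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Stand-in generator (splitmix64), NOT OpenSSL's PRNG: any deterministic
   generator behaves the same way once its only seed is a timestamp. */
static uint64_t next_u64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Derive a 128-bit key from a time()-style seed (hypothetical helper). */
void key_from_time_seed(time_t seed, unsigned char key[16]) {
    uint64_t state = (uint64_t)seed;
    for (int i = 0; i < 2; i++) {
        uint64_t v = next_u64(&state);
        memcpy(key + 8 * i, &v, 8);
    }
}

/* Try every second in [approx - window, approx + window]; return the seed
   that reproduces key, or (time_t)-1 if none does (hypothetical helper). */
time_t seed_in_window(const unsigned char key[16], time_t approx, long window) {
    unsigned char candidate[16];
    for (long d = -window; d <= window; d++) {
        key_from_time_seed(approx + d, candidate);
        if (memcmp(candidate, key, 16) == 0)
            return approx + d;
    }
    return (time_t)-1;
}

int main(void) {
    unsigned char key[16];
    time_t started = 1112832480;            /* constructed sample timestamp */
    key_from_time_seed(started, key);
    /* A one-day uncertainty leaves 2*86400+1 = 172801 candidate seeds. */
    time_t found = seed_in_window(key, started + 40000, 86400L);
    printf("seed %s within %ld candidates\n",
           found == started ? "reproduced" : "not found", 2 * 86400L + 1);
    return found == started ? 0 : 1;
}
```

The key length does not matter here: the output carries no more entropy than the seed, which is why a failed RAND_status() check is a reason to stop rather than to substitute the clock.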