C Wegrzyn wrote:
> I have to generate quite a few random keys (and IVs) during a day. It
> comes out to about 1 million keys (16 bytes each) and 1 million IVs (16
> bytes each).
>
> I tried using /dev/random and /dev/urandom but in one case it blocks too
> much of the time and in the other seems to run pretty slow. I tried
> using EGAD et al to no avail. So I decided to take a different
> approach. I am hoping to hear from others how they might have solved
> the problem.
>
> I thought I would take a hash of the message and, using it as the salt,
> call EVP_BytesToKey. I was wondering what others think of this solution.

I would say that qualifies as close to the definition of "bad" from
a cryptographic standpoint. ;-)
Use /dev/random to seed Yarrow, or another PRNG, if you need a lot of
random material. Don't make it a function of anything that isn't
a nonce.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
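
The reply's advice (seed a PRNG once from the OS, then expand it into as many keys and IVs as needed), as an added example that is not part of the original thread or of OpenSSL. A minimal HMAC_DRBG per NIST SP 800-90A stands in for Yarrow; the names HmacDrbg and key_and_iv and the reseed interval are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (NIST SP 800-90A, SHA-256), no personalization string."""

    RESEED_INTERVAL = 1 << 16  # assumed value: generate() calls between OS reseeds

    def __init__(self, seed=None):
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._calls = 0
        # One read from the OS entropy source; a fixed seed is for testing only.
        self._update(seed if seed is not None else os.urandom(48))

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self._k = self._hmac(self._k, self._v + b"\x00" + data)
        self._v = self._hmac(self._k, self._v)
        if data:
            self._k = self._hmac(self._k, self._v + b"\x01" + data)
            self._v = self._hmac(self._k, self._v)

    def generate(self, n):
        if self._calls >= self.RESEED_INTERVAL:
            self._update(os.urandom(32))  # mix in fresh OS entropy
            self._calls = 0
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._k, self._v)
            out += self._v
        self._update()  # state moves on, so earlier output cannot be recomputed
        self._calls += 1
        return out[:n]


def key_and_iv(drbg):
    """Return one 16-byte key and one 16-byte IV; neither depends on the message."""
    material = drbg.generate(32)
    return material[:16], material[16:]
```

In an OpenSSL program the same job is done by RAND_bytes, which is itself a PRNG seeded from the operating system, so the per-key cost is a few hash or cipher operations rather than a read from /dev/random.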