> What is the acceptable lower limit for the number of bytes for RAND_load_file()?
Nobody can tell you what your requirements are. Some people will consider it acceptable just to read 1KB from /dev/urandom. This is only a problem if the entropy pool was never seeded, which is always at least possible. If you aren't comfortable reading from /dev/urandom, an acceptable compromise might be to read a small number of bytes from /dev/random (accepting that this might take a while in exchange for a stronger guarantee of security) and a larger number of bytes from /dev/urandom (in the hopes that this will increase security because it is quite likely to do so). IMO, 16 or 32 bytes from /dev/random and 256 bytes from /dev/urandom is sufficient for almost all imaginable applications. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
