I forgot to mention that the systems in question are servers that do not have the keyboard or mouse as sources of entropy. Yes indeed, the problem seems to be a lack of entropy. What I find surprising is that on these systems, I seem to be able to get approx. 400 bytes from /dev/random and it doesn't matter how long the system has been running for (hours, days, weeks or months). This seems a little odd to me.

Bruce

On Tue, Jun 10, 2008 at 11:25 PM, David Schwartz <[EMAIL PROTECTED]> wrote:

> > What is the acceptable lower limit for the number of bytes for
> > RAND_load_file()?
>
> Nobody can tell you what your requirements are. Some people will consider it
> acceptable just to read 1KB from /dev/urandom. This is only a problem if the
> entropy pool was never seeded, which is always at least possible.
>
> If you aren't comfortable reading from /dev/urandom, an acceptable
> compromise might be to read a small number of bytes from /dev/random
> (accepting that this might take a while in exchange for a stronger guarantee
> of security) and a larger number of bytes from /dev/urandom (in the hopes
> that this will increase security because it is quite likely to do so).
>
> IMO, 16 or 32 bytes from /dev/random and 256 bytes from /dev/urandom is
> sufficient for almost all imaginable applications.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
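
Added example, not part of either message and not OpenSSL code: the compromise from the quoted reply (a few bytes from /dev/random, more from /dev/urandom) with a bounded wait, so a server with a starved pool gets a short /dev/random read instead of hanging. The function names `read_bounded` and `gather_seed`, the 2-second timeout and the Linux-style device paths are assumptions of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to `want` bytes; wait at most timeout_ms when the device is dry.
 * Returns bytes read (may be short), or -1 if the device cannot be opened. */
static long read_bounded(const char *path, unsigned char *buf, size_t want,
                         int timeout_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0 || (errno != EAGAIN && errno != EINTR))
            break;                      /* EOF or hard error */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (errno == EAGAIN && poll(&p, 1, timeout_ms) <= 0)
            break;                      /* starved: stop with a short read */
    }
    close(fd);
    return (long)got;
}

/* Pack up to n_random bytes from /dev/random, then exactly n_urandom bytes
 * from /dev/urandom, into seed. *random_got reports the /dev/random count so
 * the caller can apply its own policy. Returns seed length, or -1 if
 * /dev/urandom did not deliver. */
static long gather_seed(unsigned char *seed, size_t n_random, size_t n_urandom,
                        int timeout_ms, size_t *random_got)
{
    long r = read_bounded("/dev/random", seed, n_random, timeout_ms);
    *random_got = r > 0 ? (size_t)r : 0;
    long u = read_bounded("/dev/urandom", seed + *random_got, n_urandom, timeout_ms);
    return u == (long)n_urandom ? (long)*random_got + u : -1;
}

int main(void)
{
    unsigned char seed[32 + 256];       /* sizes suggested in the quoted reply */
    size_t from_random = 0;
    long total = gather_seed(seed, 32, 256, 2000, &from_random);
    printf("seed: %ld bytes (%zu from /dev/random)\n", total, from_random);
    return total < 0;  /* on success, hand seed to OpenSSL, e.g. RAND_seed() */
}
```

Whether a short /dev/random count is acceptable is a policy decision left to the caller, which is why it is reported separately from the total.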