Thanks for your reply. I have two further questions I would like to ask:
How can I make openssl read from that pipe? And why would a certified hardware quantum random generator hardware be less reliable than openssl's prng?

Regards,
Vandra Ákos

2009/7/4 David Schwartz <[email protected]>
>
> Akos Vandra wrote:
>
> > I see what the main misunderstanding is here.
>
> > If the numbers are read from the file with no precautions whatsoever,
> > the same numbers will be read more than once (at every run) of course.
> > But I thought it was possible to have a set of random numbers saved in
> > a file, and it would be possible for openssl to save a "pointer", and
> > continue reading the file on the next run (not start from the beginning).
> > Of course this can be done by piping the file to a FIFO buffer, and then
> > making openssl read from the pipe rather than the file (this solves the
> > problem with the same random sequence).
>
> Yes, exactly.
>
> > What my problem here is: I have a true random number generator, but it
> > is not linked to the computer, I get the numbers on a flash disk (as a
> > binary file). Because these are true random numbers (well at least as
> > far a quantum rng is random), they are safe to use for the prime
> > generation, and I would like to use these files, rather than the PRNG
> > of openssl (being on the safe side of a coding error in the PRNG, no
> > offence intended, we all make mistakes :). I would like to know if
> > this is possible
>
> What you need is a program that sucks in the files of random numbers and
> serves them to a pipe that OpenSSL (and other RNG clients) can read from.
> The program would need to ensure that each number is only written to the
> pipe once. It can keep the pipe 'full' and let you know when it's low on
> random numbers. This is a very simple program to write. (And I believe
> similar programs do already exist. Have a look at 'egd'.)
>
> However, it will not likely achieve your stated objective. Unless you vet
> your program to the same degree as OpenSSL's PRNG has been vetted, you will
> simply have replaced a solution with a less-reliable solution. As a general
> rule, in cryptography, the worst thing you can do is cook up your own
> solution to a problem.
>
> DS
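The feeder program described in the quoted reply (each byte of the random file is served to the pipe only once, across runs), as an added example that is not part of the original thread and not OpenSSL code. The file paths, the side-car offset file and all function names are assumptions made for the illustration, and it assumes a single feeder process at a time.

```python
import os

class PoolExhausted(Exception):
    """Fewer unused bytes remain in the file than were requested."""

def _read_offset(offset_path):
    try:
        with open(offset_path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0  # first run: nothing consumed yet

def remaining(pool_path, offset_path):
    """Unused bytes left, so an operator can be warned when the pool runs low."""
    return os.path.getsize(pool_path) - _read_offset(offset_path)

def take_once(pool_path, offset_path, n):
    """Return the next n unused bytes of pool_path, or raise PoolExhausted.

    The advanced offset is fsynced to disk BEFORE the bytes are handed out, so
    a crash can waste bytes but can never serve the same bytes twice.
    """
    offset = _read_offset(offset_path)
    with open(pool_path, "rb") as f:
        f.seek(offset)
        data = f.read(n)
    if len(data) < n:
        raise PoolExhausted(f"{len(data)} unused bytes left, {n} requested")
    tmp = offset_path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(offset + n))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, offset_path)  # atomic swap: offset is old or new, never torn
    return data

def serve(pool_path, offset_path, fifo_path, chunk=32):
    """Feed a FIFO until the pool is used up; returns the number of bytes served."""
    if not os.path.exists(fifo_path):
        os.mkfifo(fifo_path, 0o600)  # owner-only: the bytes are key material
    served = 0
    with open(fifo_path, "wb", buffering=0) as fifo:  # blocks until a reader opens
        while True:
            try:
                fifo.write(take_once(pool_path, offset_path, chunk))
            except (PoolExhausted, BrokenPipeError):
                return served  # never rewinds; a short tail is left unused
            served += chunk
```
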
