Alos Vandra: > Thanks for your reply.
> I have two further questions I would like to ask: > How can I make openssl read from that pipe? It depends on exactly what you're asking. If you're talking about how to do it in a program somebody else wrote, you'd have to ask them. If you're talking about how to do it in your own program, you can replace the OpenSSL PRNG with RAND_set_rand_method. If you're talking about how to do it in the applications included with OpenSSL, use the 'RANDFILE' environment variable There's built-in support for EGD, so it may be worth 'faking' EGS's protocol. > And why would a certified hardware quantum random generator hardware > be less reliable than openssl's prng? Because "reliable" is an attribute of the system as a whole, not its individual components. When I read your question, I see, "Why would a system I put together myself be less reliable than a system that has been publicaly vetted and stood the test of time?" And the answer is obvious -- you might make mistakes putting the system together and your shoulder is not being looked over the way the OpenSSL project is. My advice to you would be to compromise. A known property of OpenSSL's PRNG is that it can never be hurt by adding seed material to it. So add as much seed material to it as often as you like. This cannot possibly hurt, so your baseline is the reliability of OpenSSL. (And, in fact, this is what I do.) If you really want to, you can intercept OpenSSL's PRNG calls with your own rand method. Keep track of how much entropy is being pulled out of the pool and add back in the same amount from your own source. This way even if you screw up the worst imaginable way (assuming you don't actually distort the data from the PRNG going back to OpenSSL) you cannot make things any less secure. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
