Hi,

If I try to create Diffie-Hellman key parameters (OpenSSL 1.0.0) via

    openssl dhparam -out $KEY_DIR/dh1024.pem 1024

I get the following output:

    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
    .........+......... [...]
    unable to write 'random state'

I get the error since neither $HOME nor $RANDFILE is set. So if I do an

    export RANDFILE=/root/.rnd

the command above works and I don't get an error.

Now I have several questions:

1. Why do I need to specify the path to the seed (RANDFILE) if I don't provide the seed (I don't use the -rand option)? /root/.rnd doesn't exist before I run the command. After I run the openssl command, it is created under /root/.rnd and contains the seed (or is this something else?).

2. If openssl creates the file on its own, why doesn't it delete it after the DH key parameters were created? Isn't it a security risk if one doesn't delete the seed, since an attacker could generate exactly the same key parameters if he got access to the seed?

[1] http://www.openssl.org/support/faq.cgi#USER2

Thanks!