Re: wget and seeding random numbers
1 - Use RAND_egd() for reading true random data if such is available (this needs to be checked for in the configure script, as RAND_egd() wasn't introduced until OpenSSL 0.9.5). This would also benefit from a command line option to specify the egd socket. EGD = Entrophy Gathering Daemon. 2 - Use RAND_screen() for windows based systems (gets random data off the screen). 3 - Allow a user-specified file for reading random data from with RAND_load_file() 4 - Use RAND_file_name() to get what default file (if any) to read random data from. (This seems to be done in the lynx code) 5 - *then* you go with the srand(), time and pid seeding stuff. I'm no expert on openssl, but that looks pretty reasonable, and it's probably just a couple more calls, so not hard to do? As long as the srand()all stuff is there as a final default. Thanks, karl
Re: wget and seeding random numbers
[EMAIL PROTECTED] writes: 1 - Use RAND_egd() for reading true random data if such is available (this needs to be checked for in the configure script, as RAND_egd() wasn't introduced until OpenSSL 0.9.5). This would also benefit from a command line option to specify the egd socket. EGD = Entrophy Gathering Daemon. 2 - Use RAND_screen() for windows based systems (gets random data off the screen). 3 - Allow a user-specified file for reading random data from with RAND_load_file() 4 - Use RAND_file_name() to get what default file (if any) to read random data from. (This seems to be done in the lynx code) 5 - *then* you go with the srand(), time and pid seeding stuff. I'm no expert on openssl, but that looks pretty reasonable, It does, but I've never done any SSL coding so I'll probably not get around to it soon. Also, this kind of change will not make it to 1.7.1.
Re: wget and seeding random numbers
On Sat, 9 Jun 2001 [EMAIL PROTECTED] wrote: About doing the random number seed for ssl, I dug up what lynx does, and it looks like it wouldn't be difficult to do something similar in wget. It appears this code was written by Mark Mentovai [EMAIL PROTECTED], http://www.moxienet.com/. I don't think this Lynx random seeding is what could be considered Good Enough for any half-baked cryptographer. I'd suggest that you 1 - Use RAND_egd() for reading true random data if such is available (this needs to be checked for in the configure script, as RAND_egd() wasn't introduced until OpenSSL 0.9.5). This would also benefit from a command line option to specify the egd socket. EGD = Entrophy Gathering Daemon. 2 - Use RAND_screen() for windows based systems (gets random data off the screen). 3 - Allow a user-specified file for reading random data from with RAND_load_file() 4 - Use RAND_file_name() to get what default file (if any) to read random data from. (This seems to be done in the lynx code) 5 - *then* you go with the srand(), time and pid seeding stuff. I'm not saying curl is the perfect code in this aspect either, I just think it does a whole lot better... -- Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77 ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
RE: wget and seeding random numbers
How do I get off this WGET list?!!! This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation.
wget and seeding random numbers
About doing the random number seed for ssl, I dug up what lynx does, and
it looks like it wouldn't be difficult to do something similar in wget.
It appears this code was written by Mark Mentovai [EMAIL PROTECTED],
http://www.moxienet.com/.
Hope it helps.
k
if(RAND_status()==0) {
char rand_file[256];
time_t t;
pid_t pid;
long l,seed;
t=time(NULL);
pid=getpid();
RAND_file_name((char *)rand_file,256);
CTRACE((tfp,HTTP: Seeding PRNG\n));
if(rand_file!=NULL) {
/* Seed as much as 1024 bytes from RAND_file_name */
RAND_load_file(rand_file,1024);
}
/* Seed in time (mod_ssl does this) */
RAND_seed((unsigned char *)t,sizeof(time_t));
/* Seed in pid (mod_ssl does this) */
RAND_seed((unsigned char *)pid,sizeof(pid_t));
/* Initialize system's random number generator */
RAND_bytes((unsigned char *)seed,sizeof(long));
srand48(seed);
while(RAND_status()==0) {
/* Repeatedly seed the PRNG using the system's random number generator until it
has been seeded with enough data */
l=lrand48();
RAND_seed((unsigned char *)l,sizeof(long));
}
if(rand_file!=NULL) {
/* Write a rand_file */
RAND_write_file(rand_file);
}
}
