Re: Need input for Certificate generation

2012-11-17 Thread Jeffrey Walton
On Sat, Nov 17, 2012 at 10:56 PM, wrote: > On 16-11-2012 19:57, Jeffrey Walton wrote: >> >> Hi Jacob, >> On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm wrote: >>> >>> On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in

Re: Need input for Certificate generation

2012-11-17 Thread jb-openssl
On 16-11-2012 19:57, Jeffrey Walton wrote: Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gathers, such as EDG, don

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm wrote: > On 11/16/2012 3:36 AM, Jeffrey Walton wrote: >> >> ... >> >> Headless servers, entropy starvation, and rollbacks are a concern in >> modern environments. OpenSSL and other entropy gathers, such as EDG, >> don't account for the latter.

Re: Need input for Certificate generation

2012-11-16 Thread Jakob Bohm
On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gathers, such as EDG, don't account for the latter. It's best to take the bull by the horns and do it yourself. At minimum, you need t

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett wrote: > On 16 Nov 2012, at 4:36 AM, Jeffrey Walton wrote: > >> On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote: >>> On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote: CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows

Re: Need input for Certificate generation

2012-11-16 Thread Graham Leggett
On 16 Nov 2012, at 4:36 AM, Jeffrey Walton wrote: > On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote: >> On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote: >>> >>> CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS >>> apr_generate_random_bytes(buf, SEED_SIZE); // On

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote: > On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote: >> >> CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS >> apr_generate_random_bytes(buf, SEED_SIZE); // On Linux OS >> Speaking of poor documentation. I looked a

RE: Need input for Certificate generation

2012-11-15 Thread Jeremy Farrell
> From: Jeffrey Walton [mailto:noloa...@gmail.com] > > On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai > wrote: > >... > > #define SEED_SIZE 128 > >... > > //RAND_seed(buf, SEED_SIZE); > > RAND_add(buf, SEED_SIZE, (20/100) * SEED_SIZE); > > > > k = RAND_status(); > > > > } > I'm not sure 20% e

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote: > Hi, > > At one place, we are using the following logic for generating self-signed > certificate: > > #define SEED_SIZE 128 > > k = RAND_status(); > while(k == 0) > { > // custom logic for getting random numbers from system variables > ... > > Crypt