How do I portably generate a random salt within a C program for use in PKCS#5 v2.0 key derivation?
I find that just calling RAND_bytes() works OK on Win32 using 0.9.6 and later, but not with 0.9.5. I can fix it by calling RAND_screen() first. Is this OK? Do I also need to call RAND_screen() for 0.9.6+ or is it safe to omit it? What about other OS's? The FAQ notes that /dev/[u]random is used where present; does that imply that I don't need to do anything prior to calling RAND_bytes() for such OS's? For the remaining OS's I'm instructed to call RAND_add() or RAND_seed() first. Where do I get the data to pass to those functions from without requiring the user of my application having EGD available? Finally, if RAND_bytes fails is there any merit in "falling back" on RAND_pseudo_bytes(), or is that not suitable for generating a salt? (I may also need to generate an IV by the same means.) - Steve ------------------------------------------------ Radan Computational Ltd. The information contained in this message and any files transmitted with it are confidential and intended for the addressee(s) only. If you have received this message in error or there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Radan Computational Ltd. The recipient(s) of this message should check it and any attached files for viruses: Radan Computational will accept no liability for any damage caused by any virus transmitted by this email. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
