Re: Need input for Certificate generation

2012-11-17 Thread jb-openssl
On 16-11-2012 19:57, Jeffrey Walton wrote: Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy

Re: Need input for Certificate generation

2012-11-17 Thread Jeffrey Walton
On Sat, Nov 17, 2012 at 10:56 PM, jb-open...@wisemo.com wrote: On 16-11-2012 19:57, Jeffrey Walton wrote: Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and

Re: Need input for Certificate generation

2012-11-16 Thread Graham Leggett
On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett minf...@sharp.fm wrote: On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote:

Re: Need input for Certificate generation

2012-11-16 Thread Jakob Bohm
On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gatherers, such as EDG, don't account for the latter. It's best to take the bull by the horns and do it yourself. At minimum, you need

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gatherers, such as EDG, don't account for

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: Hi, At one place, we are using the following logic for generating a self-signed certificate: #define SEED_SIZE 128 k = RAND_status(); while(k == 0) { // custom logic for getting random numbers from system variables ...

RE: Need input for Certificate generation

2012-11-15 Thread Jeremy Farrell
From: Jeffrey Walton [mailto:noloa...@gmail.com] On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: ... #define SEED_SIZE 128 ... //RAND_seed(buf, SEED_SIZE); RAND_add(buf, SEED_SIZE, (20/100) * SEED_SIZE); k = RAND_status(); } I'm not sure 20%

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS apr_generate_random_bytes(buf, SEED_SIZE); // On Linux OS Speaking of poor