> > > What OpenSSL does is choose a fresh random number each time.
> > I don't think this is such a hot idea - for a start you gobble up your
> > available entropy like crazy
> You don't have to consume any more entropy this way, you are just
> following a much less predictable sequence - that is, you put all your
> entropy into your PRNG at step 1, then away you go.

It depends on your definition of "consume". Good PRNGs will "count" how
much entropy they give and receive, and gather more before "exhausting"
themselves. That said, an uncompromised keygen program that discards most
of the numbers securely without exposing them doesn't "consume" those
numbers, even though the PRNG should consider them so.  In practice though,
the random pool approach allows disclosure of very long pseudorandom
sequences without needing to replenish their entropy.

------------------------------------------------------------
Clifford Heath                    http://www.osa.com.au/~cjh
Open Software Associates Limited       mailto:[EMAIL PROTECTED]
29 Ringwood Street / PO Box 4414       Phone  +613 9871 1694
Ringwood VIC 3134      AUSTRALIA       Fax    +613 9871 1711
------------------------------------------------------------
Proven Solution Deployment for the Global Enterprise
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
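
The accounting discussed in this message, sketched as an added example (not part of the original post and not OpenSSL's code). The names `CountingPool`, `add`, `read`, `strict` and `demo` are hypothetical, and the seed is constructed: every read debits the entropy estimate, even for bytes the caller discards, while non-strict reads keep producing output after the estimate reaches zero.

```python
import hashlib
import hmac

class NeedEntropy(Exception):
    """The accounting says the pool is 'exhausted'."""

class CountingPool:
    """Toy hash pool that tracks an entropy estimate (illustrative, not a vetted DRBG)."""
    CAPACITY_BITS = 256

    def __init__(self):
        self.state = bytes(32)
        self.credit = 0   # estimated bits of entropy still unaccounted for
        self.counter = 0

    def add(self, sample: bytes, est_bits: int) -> None:
        # Mix the sample into the state and credit the caller's estimate.
        self.state = hashlib.sha256(self.state + sample).digest()
        self.credit = min(self.CAPACITY_BITS, self.credit + est_bits)

    def read(self, n: int, strict: bool) -> bytes:
        # strict=True: refuse once the estimate cannot cover the request.
        if strict and self.credit < 8 * n:
            raise NeedEntropy(f"need {8 * n} bits, estimate is {self.credit}")
        # The debit happens whether or not the caller ever exposes the bytes.
        self.credit = max(0, self.credit - 8 * n)
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.state, block, hashlib.sha256).digest()
        # Ratchet the state so later state does not reveal earlier output.
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        return out[:n]

def demo():
    pool = CountingPool()
    pool.add(b"constructed seed bytes, not real entropy", 256)
    pool.read(16, strict=True)            # keygen candidate, discarded unseen
    after_discard = pool.credit           # still debited by 128 bits
    pool.read(16, strict=True)            # estimate now 0
    try:
        pool.read(1, strict=True)
        blocked = False
    except NeedEntropy:
        blocked = True
    stream = pool.read(4096, strict=False)  # pool approach: long output, no reseed
    return after_discard, blocked, len(stream), pool.credit

if __name__ == "__main__":
    print(demo())
```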
