On Fri, Mar 03, 2000 at 11:15:57AM -0600, Hon-Yin Kok wrote:
> Now I'm a little confuse about the context of RAND_* in FAQ #6. I installed
> both EGD as well as librand but I am still getting the random number generator
> has not been seeded error. Can someone explain more about how this actually
> works? I did the following after I have successfully compile openssl 0.9.5
>
> % openssl s_client connect www.openssl.org:443
>
> and I got the following error:
>
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
As of now, s_server has no "-rand" command line option to specify usage
which source to use to seed the PRNG.
You have to use the RANDFILE environment variable that must point to
a file containing "entropy". If you don't use the variable, a default
of $HOME/.rnd is used. If you have EGD, you have a script egd-0.6/eg/egc.pl.
Use it with
egc.pl /path/to/your/egd-socket read 255 > $HOME/.rnd
for initial seeding. The problem will be gone in future.
(Of course check for error messages in the file.)
Maybe future versions of OpenSSL will also have the "-rand" option for
s_server...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
