Re: "PRNG not seeded" in Window NT

Tue, 04 Apr 2000 14:58:48 -0700 


----- Original Message -----
From: Neil Costigan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 04, 2000 8:40 AM
Subject: Re: "PRNG not seeded" in Window NT


>
>
> Geoff Thorpe wrote:
> >
>
> >
> > I'd advise trying to find a lot though ... perhaps kernel stats, file-IO
> > information, network stats, etc etc. OpenSSL can only be as secure as
its
> > random-number generator, which can only be as secure as the random seed
you
> > give it. (Note, you can't replace those "can only be" phrases with "is"!
> > :-> ).
> >
>
>
> with much respect to Per Nilsson for supplying this.....
>
> should/can be used in addition to suitable hardware
>
> // Random seeding modeled after Netscapes SEC package
> // but keeps looping, sampling the high resolution timer
> // and the cursor position periodically. This should be
> // truly random if there is any load at all on the machine.
> unsigned long WINAPI RandomThread(PVOID dummy)
> {
> UUID uuid;
> POINT pt;
> LARGE_INTEGER ci;
>     MEMORYSTATUS mem;
> DWORD dw1,dw2,dw3,dw4;
> char vol[128],fs[128];
> void *p;
>
> dw1=GetTickCount();
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> p=GetCurrentProcess();
> RAND_seed((unsigned char *)&p,sizeof(p));
> dw1=GetCurrentProcessId();
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> p=GetCurrentThread();
> RAND_seed((unsigned char *)&p,sizeof(p));
> dw1=GetCurrentThreadId();
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> dw1=GetLogicalDrives();
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> GetVolumeInformation(0,vol,sizeof(vol),&dw1,&dw2,&dw3,fs,sizeof(fs));
> RAND_seed(vol,strlen(vol));
> RAND_seed(fs,strlen(fs));
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> RAND_seed((unsigned char *)&dw2,sizeof(dw2));
> RAND_seed((unsigned char *)&dw3,sizeof(dw3));
> GetDiskFreeSpace(0,&dw1,&dw2,&dw3,&dw4);
> RAND_seed((unsigned char *)&dw1,sizeof(dw1));
> RAND_seed((unsigned char *)&dw2,sizeof(dw2));
> RAND_seed((unsigned char *)&dw3,sizeof(dw3));
> RAND_seed((unsigned char *)&dw4,sizeof(dw4));
> mem.dwLength=sizeof(mem);
> GlobalMemoryStatus(&mem);
> RAND_seed((unsigned char *)&mem,sizeof(mem));
> dw1=sizeof(vol);
> GetComputerName(vol,&dw1);
> RAND_seed(vol,dw1);
> memset(&uuid,0,sizeof(uuid));
> UuidCreate(&uuid);
> RAND_seed((unsigned char *)&uuid,sizeof(uuid));
>
> for(;;)
> {
> QueryPerformanceCounter(&ci);
> RAND_seed((unsigned char *)&ci,sizeof(ci));
> GetCursorPos(&pt);
> RAND_seed((unsigned char *)&pt,sizeof(pt));
> Sleep(1000);
> //rand_cb(gCtx);
> }
>
> return 0; // unreachable. but the fuction should have a return value !
> }
>
>
>
> Regards
> Neil Costigan

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to