The hardware that I am creating an ENGINE module for
is capable of generating random numbers, so I'm adding
a RAND_METHOD.
I think our hardware's basic method of generating
randomness is pretty good, but the HW engineer is going
to stir and combine the first stage randoms even further
to get really high-quality randomness. This is all to the good.
However, it slows the process down since a lot of random bits
go into the second stage but few come out.
I can see that there is some concept of randomness "quality"
in OpenSSL - RAND_METHOD has two methods, one of
which is pseudorand(). But outside of the test routines
pseudorand() only seems to be called by BN_is_prime_fasttest().
I had contemplated asking the engineer for two rand
options - decent quality / fast, or top quality / slow.
I could feed the first to pseudorand(), and the second
to bytes().
Would that be a wasted effort?
Ah, what I wouldn't give to strap a profiler to a really busy
Apache/mod_ssl commerce server, to see exactly what
gets heavily used and what is hardly touched. This is
just one of the many questions I have which could be
answered by such data.
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
Tom Biggs
'89 FJ1200 DoD #1146
"The whole aim of practical politics is to keep the populace alarmed -
and hence clamorous to be led to safety - by menacing it with an endless
series of hobgoblins, all of them imaginary." -- H.L. Mencken
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
