On Thu, Dec 14, 2000, Tom Biggs wrote:
> I think our hardware's basic method of generating
> randomness is pretty good, but the HW engineer is going
> to stir and combine the first stage randoms even further
> to get really high-quality randomness. This is all to the good.
> However, it slows the process down since a lot of random bits
> go into the second stage but few come out.
>
> I can see that there is some concept of randomness "quality"
> in OpenSSL - RAND_METHOD has two methods, one of
> which is pseudorand(). But outside of the test routines
> pseudorand() only seems to be called by BN_is_prime_fasttest().
It is both the same algorithm, but on some systems the PRNG must be
seeded explicitly. There are some applications where you don't need
that seed, and the pseudorand() method is for those.
If you're not sure that the hardware RNG is sound, you could just xor
its output with OpenSSL generated numbers.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
