Jeffrey Altman writes: > Suggestion. Do not wait until you establish your first connection to > call RAND_poll(). Initializae the PRNG as part of the startup of your > app or in a background thread.
Yes; I have already done this, and it helps, but this is just a band-aid. The bottom line is, I'd rather not have to pay a 15-second penalty *anywhere* in my app if there's not a good reason for it; and there doesn't appear to be a good reason for this one. Is it even necessary to do the heapwalk at all? Since it is so very slow, especially with respect to all the other ways to gather entropy in the system, perhaps it should be replaced with some other mechanism, much faster but equally effective. For instance, if we could obtain the start and end of the range of valid readable addresses, we could sample a random word from within this range, and use that value to determine the address of the next random word within the range, and so on, for n cycles. David ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]