>
>> Eh? You can already point OpenSSL at a file and tell it to read bytes.
>> What's the problem?
>
>Ben, I am talking about functionality beyond pointing OpenSSL at a file.
>OpenSSL ought to include the code to generate that file using a sound
>card or other device/scheme, and ought to trigger refreshing the file
>automatically at certain intervals depending on usage. Wouldn´t you
>agree?
Well, not everyone *has* a sound card, and of those who do not everyone has
the *same* sound card. So hardware-dependent code in OpenSSL might not be
such a great idea because it isn't portable.
Having said that, I think the basic point is a good one. Currently OpenSSL
uses time(NULL) at various points to add "entropy" to the PRNG. For *nix
systems there's a couple of instances of using inode data as seed as well.
This data was then severly hashed and mixed and hashed again. Then the SSL
PRNG gets the same data and remixes/rehashes it all again.
I would certainly like to see more thought put into the seed generation -
but for reasons of portability I think this isn't as easy as it sounds.
Different OSes and hardware provide different opportunities for "noise".
But the hooks are there to grab any source of entropy you deem fit and add
them to the RNG.
cjh
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CJ Holmes "The Macintosh uses an experimental
StarNine pointing device called a 'mouse.'
Director of Development There is no evidence that people
want to use these things."
(John C. Dvorak, SF Examiner, Feb. 1984.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
