Michael Wojcik wrote:

> Hmm.  Seeding PRNGs on Windows and Unix are pretty well-understood problems;
> there's Yarrow for Windows (www.counterpane.com) and egd for Unix,

Yeah but both of these are external processes. We can't (for various reasons)
rely on, or require the installation of, any such.

>
> Frankly, if you use something like hash(variable message content + hi-res
> time) to generate seed material, it'll be pretty hard to predict the PRNG,
> unless the attacker can mount a known-plaintext attack.  Stir some more
> entropy into the pool if you can, but chances are there will be weaker
> points for attackers (like subverting someone on the inside).
>

This was where I was heading with the original inquiry. I'm looking for
something that can be built into the portable library code. It seems from
the comments made so far that this would be an acceptable method for us.
We're not protecting nuclear secrets (and hence don't need to hide our data
behind a vending machine ...).
    G.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
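
The seeding approach discussed in this thread, hash(variable message content + hi-res time), sketched as an added example; it is not code from the original messages or from OpenSSL, and the names `SeedPool`, `stir_message`, `stir_extra`, `seed` and `demo_seed` are hypothetical. The clock is injectable to make the quoted caveat visible: with known message content and a known timestamp, the seed is reproducible.

```python
import hashlib
import os
import time


class SeedPool:
    """Hash-chained pool: state = SHA-256(state || len(sample) || sample)."""

    def __init__(self, clock=time.perf_counter_ns):
        self._state = bytes(32)
        self._clock = clock  # injectable so the behaviour can be tested

    def _absorb(self, sample: bytes) -> None:
        h = hashlib.sha256(self._state)
        h.update(len(sample).to_bytes(8, "big"))  # length prefix: unambiguous framing
        h.update(sample)
        self._state = h.digest()

    def stir_message(self, message: bytes) -> None:
        """Mix in variable message content plus a high-resolution timestamp."""
        self._absorb(message)
        self._absorb(self._clock().to_bytes(16, "big"))

    def stir_extra(self, data: bytes) -> None:
        """Mix in any additional entropy the platform can offer."""
        self._absorb(data)

    def seed(self, nbytes: int = 32) -> bytes:
        """Derive seed material without exposing the pool state itself."""
        out = hashlib.sha256(b"seed-output" + self._state).digest()
        self._absorb(b"ratchet")  # the next seed() call yields a different value
        return out[:nbytes]


def demo_seed(messages, clock):
    """Stir each message into a fresh pool and return one seed."""
    pool = SeedPool(clock)
    for m in messages:
        pool.stir_message(m)
    return pool.seed()


if __name__ == "__main__":
    pool = SeedPool()
    for msg in (b"LOGIN alice 10:42", b"GET /report?id=7731"):  # constructed samples
        pool.stir_message(msg)
    pool.stir_extra(os.urandom(16))  # OS entropy, where the platform has it
    print(pool.seed().hex())
```

The resulting bytes are seed material only; they would be handed to the library's PRNG seeding call rather than used directly as keys.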
