If openssl can generate random data and spit it out in a file, then why use a file to begin with? Can't openssl (the tool) just generate its random data internally and use that? I think that's a lot safer than spitting it out to a file, and it avoids problems with the random data getting deleted/viewed.
- Andrew
-------------------------------------
Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485
> -----Original Message-----
> From: Marcus Redivo [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, December 01, 2001 7:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ssl-cert-HOWTO.txt for review
>
>
> Hello Fiel,
>
> Thanks for the comments.
>
> At 10:45 AM 12/1/01 -0800, Fiel Cabral wrote:
>
> >My suggestion is to include info about the RANDFILE
> >variable. I set RANDFILE=$HOME/.rnd in my environment
> >and in the configuration file (the default value:
> >$ENV::HOME/.rnd). If .rnd doesn't exist, I just copy a
> >file to it (usually a binary file or a random-looking
> >log file).
>
> I did not mention the RANDFILE, and in fact left it out of
> the example configuration, because I was under the impression
> that if I had /dev/*random I did not need it.
>
> If this is not true, could someone please correct me? Thanks.
>
> Now, the RANDFILE candidate. Using a binary or a log is
> nowhere near random enough. Fortunately, openssl has a
> command to create a better random file:
>
> # openssl rand -out $HOME/.rnd 1024
>
> (Don't send the output to your console unless you add the
> -base64 switch, unless you like abstract art... ;) )
>
> BTW, I'm on the list now.
>
> Marcus Redivo
>
> The Binary Tool Foundry
> PO Box 2087 Stn Main
> Sidney BC Canada
> mailto:[EMAIL PROTECTED]
> http://www.binarytool.com
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
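Marcus's point that a copied binary or log file is nowhere near random enough, together with Andrew's worry about the seed file being viewed, as an added example that is not from any poster or from the OpenSSL project: a Python script that scores a RANDFILE candidate on permissions, size and byte entropy, and writes a seed file the way `openssl rand -out $HOME/.rnd 1024` would, but created mode 0600 from the start. The entropy threshold, the constructed log sample and the function names are assumptions, not anything the thread or OpenSSL specifies.

```python
import math
import os
import stat
import tempfile
from collections import Counter

def bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (max 8.0): a low
    score proves a bad seed; a high score alone does not prove a good one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_seed_file(path, min_bytes=1024, min_bits=7.0):
    """Return the problems found with a RANDFILE candidate ([] means it passed)."""
    problems = []
    st = os.stat(path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("readable or writable by group/other; chmod 600 it")
    if st.st_size < min_bytes:
        problems.append(f"only {st.st_size} bytes, want at least {min_bytes}")
    with open(path, "rb") as f:
        h = bits_per_byte(f.read())
    if h < min_bits:  # 1 KiB of CSPRNG output scores close to 8.0 (assumed threshold)
        problems.append(f"byte entropy {h:.2f} bits/byte, want at least {min_bits}")
    return problems

def write_seed_file(path, nbytes=1024):
    """Like `openssl rand -out`, but from the OS CSPRNG and created mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(nbytes))

# Constructed sample: a "random-looking" log file of the kind proposed for .rnd.
LOG_SAMPLE = b"".join(b"Dec  1 19:14:%02d host sshd[%d]: Accepted publickey\n"
                      % (i % 60, 1000 + i) for i in range(200))

def demo():
    """Compare the copied-log candidate with a properly generated seed file."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "log.rnd")
    with open(log, "wb") as f:
        f.write(LOG_SAMPLE)
    os.chmod(log, 0o644)  # typical mode for a copied log: world-readable
    seed = os.path.join(d, ".rnd")
    write_seed_file(seed)
    return {"log": check_seed_file(log), "seed": check_seed_file(seed)}
```

Calling `demo()` reports the copied log as both world-readable and low-entropy, while the generated `.rnd` passes all three checks.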