At 12:55 27.01.2002 +0000, you wrote: >I'm thinking of writing a small GUI application that implements just the 2 >following functions of: > >*Create a self-signed certificate >*Create a private key > >First, is there such an application already around (I can't find any), and >secondly, would a random seed made from the current time (date, hour, >minutes, seconds, ms) be okay (this would be running under Windows)?
No! (regarding the random seed) Netscape has (afaik) used such a seeding (time and process id) in early versions of their browsers. The resulting keys were broken in just one or two hours with a simple PC (today it would probably just minutes). Look into the OpenSSL sources, in crypto/rand is some code for gathering entropy material under windows (iirc). Ciao, Richard K�nning -- Dr. Richard W. K�nning Fujitsu Siemens Computers GmbH, EP LP COM 5 Phone/Fax: +49-89-636-47852 / 47655 E-Mail: [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
