I was under the impression that on windows OpenSSL uses RAND_screen which will obtain random data from the screen and mouse events? Shouldn't you use that?
-------------------------------------
Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485
> -----Original Message-----
> From: Richard Koenning [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 28, 2002 7:39 AM
> To: [EMAIL PROTECTED]
> Subject: Re: OpenSSL Key Generation GUI for Windows
>
>
> At 12:55 27.01.2002 +0000, you wrote:
> >I'm thinking of writing a small GUI application that implements just
> >the 2 following functions of:
> >
> >*Create a self-signed certificate
> >*Create a private key
> >
> >First, is there such an application already around (I can't
> find any),
> >and secondly, would a random seed made from the current time (date,
> >hour, minutes, seconds, ms) be okay (this would be running under
> >Windows)?
>
> No! (regarding the random seed)
>
> Netscape has (afaik) used such a seeding (time and process
> id) in early versions of their browsers. The resulting keys
> were broken in just one or two hours with a simple PC (today
> it would probably just minutes). Look into the OpenSSL
> sources, in crypto/rand is some code for gathering entropy
> material under windows (iirc). Ciao, Richard Könning
>
>
> --
> Dr. Richard W. Könning
> Fujitsu Siemens Computers GmbH, EP LP COM 5
> Phone/Fax: +49-89-636-47852 / 47655
> E-Mail: [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
