Hi,

Thanks for the reply. But I have another problem:

My application was initially using openssl 0.9.4 and it was calling RAND_screen() for each client. Now I have moved to openssl 0.6e, and what I have observed is that RAND_screen() takes a significant amount of time, about 10 sec., and makes my application slow.

Also, my application is multithreaded, and the time RAND_screen() takes seems to be proportional to the number of threads (clients) I fire (each thread calls RAND_screen() only once). I do not know how that is related. Can anybody help?

Also, if my client uses a hardcoded seed but my server doesn't, how am I (the connection) vulnerable?

Please help,

Thanks,
Neelay S Shah

----- Original Message -----
From: "Ed Sanborn" <[EMAIL PROTECTED]>
Date: Wed, 4 Sep 2002 11:39:01 -0400
To: <[EMAIL PROTECTED]>
Subject: RE: openssl Newbie ( PRNG seed )


> Hi Rich,
> 
>   Any chance you can help me?  I am testing my outbound email.
> Can you please reply to me so that I can see if my message
> made it to you?
> 
> Thanks,
> 
>         Ed
> 
> -----Original Message-----
> From: Rich Salz [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 04, 2002 11:27 AM
> To: [EMAIL PROTECTED]
> Subject: Re: openssl Newbie ( PRNG seed )
> 
> 
> >>    "How important is the PRNG seed to the 
> >>    total security of your program ?"
> 
> How quickly they forget... :(
> 
> Your SSL connections can be broken.  Several years ago Netscape used a 
> poor random seed (like getpid() or'd into the time() or some such), and 
> Dave Wagner (et al) at Berkeley were able to completely decode the SSL 
> traffic.
> 
> Don't do this.  Don't do this.  Do not do this.
>       /r$
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
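Added example, not part of the original thread and not OpenSSL code: it measures how little entropy a seed built from `getpid()` OR'd into `time()` carries, and shows that a hardcoded seed carries none. The generator is a toy stand-in for any PRNG whose only input is the seed; the pid range, timestamp, pid and hardcoded value are constructed assumptions.

```python
import hashlib
import math
import os

PID_MAX = 32768  # assumption: classic 15-bit Unix pid range

def weak_seed(pid: int, now: int) -> int:
    """Seed formed the way the reply describes: getpid() OR'd into time()."""
    return (pid | now) & 0xFFFFFFFF

def toy_prng(seed: int, nbytes: int) -> bytes:
    """Toy generator (SHA-256 in counter mode) standing in for any PRNG whose
    only input is the seed. It is not OpenSSL's PRNG."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:nbytes]

def candidate_seeds(t_lo: int, t_hi: int) -> set:
    """All seeds possible when the clock lies in [t_lo, t_hi], pid unknown."""
    return {weak_seed(pid, t)
            for t in range(t_lo, t_hi + 1) for pid in range(1, PID_MAX)}

def entropy_bits(candidates: set) -> float:
    """Upper bound on seed entropy: log2 of the number of possible seeds."""
    return math.log2(len(candidates))

def key_is_guessable(key: bytes, candidates: set) -> bool:
    """True if some candidate seed regenerates the observed key material."""
    return any(toy_prng(s, len(key)) == key for s in candidates)

if __name__ == "__main__":
    NOW = 1031153941          # constructed sample timestamp
    HARDCODED = 0x12345678    # constructed sample of a compiled-in seed
    window = candidate_seeds(NOW - 2, NOW + 2)
    weak_key = toy_prng(weak_seed(4242, NOW), 16)   # constructed pid 4242
    print("pid|time seed bits :", round(entropy_bits(window), 1))
    print("hardcoded seed bits:", entropy_bits({HARDCODED}))
    print("pid|time key found :", key_is_guessable(weak_key, window))
    print("urandom key found  :", key_is_guessable(os.urandom(16), window))
```

A 128-bit key is only as strong as the seed behind it: here the pid/time seed offers fewer than 18 bits even with a five-second clock window, and the hardcoded seed offers zero.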

    