Hi, Thanks for the reply. But, I have another problem: My appln was initially using openssl 0.9.4 and it was calling RAND_screen() for each client. Now I have moved to openssl 0.6e and what I have observed is that the RAND_screen() takes a significant amount of time about 10 sec. and makes my appl'n slow. Also, my appl'n is multithreaded and the time RAND_screen() takes seems to be proportional to the number of threads (clients) I fire ( Each thread does call RAND_screen() only once ). I do not know how is that related ? Can anybody help ? Also, If my client uses a hardcoded seed but my server doesn't how am I (the connection) vulnerable ?
Please help, Thanks, Neelay S Shah ----- Original Message ----- From: "Ed Sanborn" <[EMAIL PROTECTED]> Date: Wed, 4 Sep 2002 11:39:01 -0400 To: <[EMAIL PROTECTED]> Subject: RE: openssl Newbie ( PRNG seed ) > Hi Rich, > > Any chance you can help me? I am testing my outbound email. > Can you please reply to me so that I can see if my message > made it to you? > > Thanks, > > Ed > > -----Original Message----- > From: Rich Salz [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 04, 2002 11:27 AM > To: [EMAIL PROTECTED] > Subject: Re: openssl Newbie ( PRNG seed ) > > > >> "How important is the PRNG seed to the > >> total security of your program ?" > > How quickly they forget... :( > > Your SSL connections can be broken. Several years ago Netscape used a > poor random seed (like getpid() or'd into the time() or some such), and > Dave Wagner (et al) at Berkeley were able to completely decode the SSL > traffic. > > Don't do this. Don't do this. Do not do this. > /r$ > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- _______________________________________________ Get your free email from http://mymail.operamail.com Powered by Outblaze ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]