Ed I am not sure about its entropy but you can use the egads_randstring() function to generate data which is faster than calling egads_entropy() directly. I have used it with nBytes = 1024 and it only takes a few seconds.
Marcus ----- Original Message ----- From: "Edward Chan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 22, 2002 10:52 PM Subject: Re: anybody using EGADS? > Ah, thanks Marcus. We're talking bits, not bytes, I > see. In that case, I'm using way too big a number. > > Thanks, > Ed > > > --- Marcus Carey <[EMAIL PROTECTED]> wrote: > > Ed > > > > > > See the book "Network Security with OpensSSL." > > > > With 4 bits of entropy, an attacker has 1 in 16 > > chances of guessing the > > right seed. > > > > If you're creating 128-bit keys you should use 128 > > bits of entropy anything > > less than 64 bits may not be secure enough. > > I am not sure how nBytes is read. To get 128 bits > > of entropy you should use > > nBytes = 16. Right? > > > > However at nBytes = 128 it takes about 55 seconds to > > gather entropy on > > Windows. > > > > > > Marcus > > > > > > > > ----- Original Message ----- > > From: "Edward Chan" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, October 22, 2002 1:13 PM > > Subject: Re: anybody using EGADS? > > > > > > > Hi Stephen, > > > > > > Thanks for the reply. You're absolutely right. > > It > > > does appear that I am not blocked > > indefinitely...it > > > certainly does take a while to gather entropy. I > > was > > > using nBytes = 1024. Then I tried 512. Still > > very > > > long time. > > > > > > Any suggestions on what a number should be for > > > acceptable randomness? > > > > > > Does anybody have any alternative suggestions? > > Does > > > anybody know how Apache seeds the OpenSSL PRNG on > > > Windows? I think Apache uses OpenSSL don't they? > > > > > > Thanks, > > > Ed > > > > > > --- "Stephen G. Schoggen" > > <[EMAIL PROTECTED]> > > > wrote: > > > > Ed, > > > > > > > > I tried EGADS on Windows (PIII 866) and found > > that > > > > it's time to > > > > 'gather entropy' was noticeable beyond nBytes=4. > > So > > > > if you use a > > > > relatively large nBytes, then it would appear to > > > > block. > > > > > > > > Steve > > > > > > > > > > > > >Hi there, > > > > > > > > > >Is anybody using EGADS on Windows? I'm having > > a > > > > >problem using it. I've downloaded the source > > and > > > > >built everything. The egads service is > > running. > > > > I've > > > > >written a program that links with egads.dll. I > > > > have a > > > > >function that tries to see the OpenSSL PRNG : > > > > > > > > > >bool seedPRNG(int nBytes) > > > > >{ > > > > > prngctx_t ctx; > > > > > int nError; > > > > > > > > > > egads_init(&ctx, 0, 0, &nError); > > > > > if (nError != 0) > > > > > { > > > > > DEBUG_TRACE1(_T("egads_init() failed : %d (Is > > > > egads > > > > >service running???)"), nError); > > > > > return false; > > > > > } > > > > > > > > > > char* pBuf = new char[nBytes + 1]; > > > > > egads_entropy(&ctx, pBuf, nBytes, &nError); > > > > > bool bOK = (0 == nError); > > > > > if (bOK) > > > > > { > > > > > RAND_seed(pBuf, nBytes); > > > > > } > > > > > delete [] pBuf; > > > > > > > > > > egads_destroy(&ctx); > > > > > return bOK; > > > > >} > > > > > > > > > >However, I seem to be blocking inside > > (presumably > > > > as > > > > >egads gathers entropy), but it seems like I > > never > > > > >unblock. Can anybody tell me what I'm doing > > wrong? > > > > > > > > > >Thanks, > > > > >Ed > > > > > > > > > > > >__________________________________________________ > > > > >Do you Yahoo!? > > > > >Y! Web Hosting - Let the expert host your web > > site > > > > >http://webhosting.yahoo.com/ > > > > > > > > > > >______________________________________________________________________ > > > > >OpenSSL Project > > > > http://www.openssl.org > > > > >User Support Mailing List > > > > [EMAIL PROTECTED] > > > > >Automated List Manager > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > ______________________________________________________________________ > > > > OpenSSL Project > > > > http://www.openssl.org > > > > User Support Mailing List > > > > [EMAIL PROTECTED] > > > > Automated List Manager > > > [EMAIL PROTECTED] > > > > > > > > > __________________________________________________ > > > Do you Yahoo!? > > > Y! Web Hosting - Let the expert host your web site > > > http://webhosting.yahoo.com/ > > > > > > ______________________________________________________________________ > > > OpenSSL Project > > http://www.openssl.org > > > User Support Mailing List > > [EMAIL PROTECTED] > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > > OpenSSL Project > > http://www.openssl.org > > User Support Mailing List > > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > > __________________________________________________ > Do you Yahoo!? > Y! Web Hosting - Let the expert host your web site > http://webhosting.yahoo.com/ > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]