Ed
I am not sure about its entropy but you can use the
egads_randstring() function to generate data which is faster than calling
egads_entropy() directly. I have used it with nBytes = 1024 and it only
takes a few seconds.
Marcus
----- Original Message -----
From: "Edward Chan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 22, 2002 10:52 PM
Subject: Re: anybody using EGADS?
> Ah, thanks Marcus. We're talking bits, not bytes, I
> see. In that case, I'm using way too big a number.
>
> Thanks,
> Ed
>
>
> --- Marcus Carey <[EMAIL PROTECTED]> wrote:
> > Ed
> >
> >
> > See the book "Network Security with OpensSSL."
> >
> > With 4 bits of entropy, an attacker has 1 in 16
> > chances of guessing the
> > right seed.
> >
> > If you're creating 128-bit keys you should use 128
> > bits of entropy anything
> > less than 64 bits may not be secure enough.
> > I am not sure how nBytes is read. To get 128 bits
> > of entropy you should use
> > nBytes = 16. Right?
> >
> > However at nBytes = 128 it takes about 55 seconds to
> > gather entropy on
> > Windows.
> >
> >
> > Marcus
> >
> >
> >
> > ----- Original Message -----
> > From: "Edward Chan" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, October 22, 2002 1:13 PM
> > Subject: Re: anybody using EGADS?
> >
> >
> > > Hi Stephen,
> > >
> > > Thanks for the reply. You're absolutely right.
> > It
> > > does appear that I am not blocked
> > indefinitely...it
> > > certainly does take a while to gather entropy. I
> > was
> > > using nBytes = 1024. Then I tried 512. Still
> > very
> > > long time.
> > >
> > > Any suggestions on what a number should be for
> > > acceptable randomness?
> > >
> > > Does anybody have any alternative suggestions?
> > Does
> > > anybody know how Apache seeds the OpenSSL PRNG on
> > > Windows? I think Apache uses OpenSSL don't they?
> > >
> > > Thanks,
> > > Ed
> > >
> > > --- "Stephen G. Schoggen"
> > <[EMAIL PROTECTED]>
> > > wrote:
> > > > Ed,
> > > >
> > > > I tried EGADS on Windows (PIII 866) and found
> > that
> > > > it's time to
> > > > 'gather entropy' was noticeable beyond nBytes=4.
> > So
> > > > if you use a
> > > > relatively large nBytes, then it would appear to
> > > > block.
> > > >
> > > > Steve
> > > >
> > > >
> > > > >Hi there,
> > > > >
> > > > >Is anybody using EGADS on Windows? I'm having
> > a
> > > > >problem using it. I've downloaded the source
> > and
> > > > >built everything. The egads service is
> > running.
> > > > I've
> > > > >written a program that links with egads.dll. I
> > > > have a
> > > > >function that tries to see the OpenSSL PRNG :
> > > > >
> > > > >bool seedPRNG(int nBytes)
> > > > >{
> > > > > prngctx_t ctx;
> > > > > int nError;
> > > > >
> > > > > egads_init(&ctx, 0, 0, &nError);
> > > > > if (nError != 0)
> > > > > {
> > > > > DEBUG_TRACE1(_T("egads_init() failed : %d (Is
> > > > egads
> > > > >service running???)"), nError);
> > > > > return false;
> > > > > }
> > > > >
> > > > > char* pBuf = new char[nBytes + 1];
> > > > > egads_entropy(&ctx, pBuf, nBytes, &nError);
> > > > > bool bOK = (0 == nError);
> > > > > if (bOK)
> > > > > {
> > > > > RAND_seed(pBuf, nBytes);
> > > > > }
> > > > > delete [] pBuf;
> > > > >
> > > > > egads_destroy(&ctx);
> > > > > return bOK;
> > > > >}
> > > > >
> > > > >However, I seem to be blocking inside
> > (presumably
> > > > as
> > > > >egads gathers entropy), but it seems like I
> > never
> > > > >unblock. Can anybody tell me what I'm doing
> > wrong?
> > > > >
> > > > >Thanks,
> > > > >Ed
> > > > >
> > > >
> > >__________________________________________________
> > > > >Do you Yahoo!?
> > > > >Y! Web Hosting - Let the expert host your web
> > site
> > > > >http://webhosting.yahoo.com/
> > > >
> > >
> >
> >______________________________________________________________________
> > > > >OpenSSL Project
> > > > http://www.openssl.org
> > > > >User Support Mailing List
> > > > [EMAIL PROTECTED]
> > > > >Automated List Manager
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> >
> ______________________________________________________________________
> > > > OpenSSL Project
> > > > http://www.openssl.org
> > > > User Support Mailing List
> > > > [EMAIL PROTECTED]
> > > > Automated List Manager
> > > [EMAIL PROTECTED]
> > >
> > >
> > > __________________________________________________
> > > Do you Yahoo!?
> > > Y! Web Hosting - Let the expert host your web site
> > > http://webhosting.yahoo.com/
> > >
> >
> ______________________________________________________________________
> > > OpenSSL Project
> > http://www.openssl.org
> > > User Support Mailing List
> > [EMAIL PROTECTED]
> > > Automated List Manager
> > [EMAIL PROTECTED]
> >
> >
> ______________________________________________________________________
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
> > [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
>
>
> __________________________________________________
> Do you Yahoo!?
> Y! Web Hosting - Let the expert host your web site
> http://webhosting.yahoo.com/
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
