Ed
See the book "Network Security with OpensSSL."
With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the
right seed.
If you're creating 128-bit keys you should use 128 bits of entropy anything
less than 64 bits may not be secure enough.
I am not sure how nBytes is read. To get 128 bits of entropy you should use
nBytes = 16. Right?
However at nBytes = 128 it takes about 55 seconds to gather entropy on
Windows.
Marcus
----- Original Message -----
From: "Edward Chan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 22, 2002 1:13 PM
Subject: Re: anybody using EGADS?
> Hi Stephen,
>
> Thanks for the reply. You're absolutely right. It
> does appear that I am not blocked indefinitely...it
> certainly does take a while to gather entropy. I was
> using nBytes = 1024. Then I tried 512. Still very
> long time.
>
> Any suggestions on what a number should be for
> acceptable randomness?
>
> Does anybody have any alternative suggestions? Does
> anybody know how Apache seeds the OpenSSL PRNG on
> Windows? I think Apache uses OpenSSL don't they?
>
> Thanks,
> Ed
>
> --- "Stephen G. Schoggen" <[EMAIL PROTECTED]>
> wrote:
> > Ed,
> >
> > I tried EGADS on Windows (PIII 866) and found that
> > it's time to
> > 'gather entropy' was noticeable beyond nBytes=4. So
> > if you use a
> > relatively large nBytes, then it would appear to
> > block.
> >
> > Steve
> >
> >
> > >Hi there,
> > >
> > >Is anybody using EGADS on Windows? I'm having a
> > >problem using it. I've downloaded the source and
> > >built everything. The egads service is running.
> > I've
> > >written a program that links with egads.dll. I
> > have a
> > >function that tries to see the OpenSSL PRNG :
> > >
> > >bool seedPRNG(int nBytes)
> > >{
> > > prngctx_t ctx;
> > > int nError;
> > >
> > > egads_init(&ctx, 0, 0, &nError);
> > > if (nError != 0)
> > > {
> > > DEBUG_TRACE1(_T("egads_init() failed : %d (Is
> > egads
> > >service running???)"), nError);
> > > return false;
> > > }
> > >
> > > char* pBuf = new char[nBytes + 1];
> > > egads_entropy(&ctx, pBuf, nBytes, &nError);
> > > bool bOK = (0 == nError);
> > > if (bOK)
> > > {
> > > RAND_seed(pBuf, nBytes);
> > > }
> > > delete [] pBuf;
> > >
> > > egads_destroy(&ctx);
> > > return bOK;
> > >}
> > >
> > >However, I seem to be blocking inside (presumably
> > as
> > >egads gathers entropy), but it seems like I never
> > >unblock. Can anybody tell me what I'm doing wrong?
> > >
> > >Thanks,
> > >Ed
> > >
> > >__________________________________________________
> > >Do you Yahoo!?
> > >Y! Web Hosting - Let the expert host your web site
> > >http://webhosting.yahoo.com/
> >
> >______________________________________________________________________
> > >OpenSSL Project
> > http://www.openssl.org
> > >User Support Mailing List
> > [EMAIL PROTECTED]
> > >Automated List Manager
> > [EMAIL PROTECTED]
> >
> >
> ______________________________________________________________________
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
> > [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
>
>
> __________________________________________________
> Do you Yahoo!?
> Y! Web Hosting - Let the expert host your web site
> http://webhosting.yahoo.com/
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
