Ah, thanks Marcus.  We're talking bits, not bytes, I
see.  In that case, I'm using way too big a number.

Thanks,
Ed


--- Marcus Carey <[EMAIL PROTECTED]> wrote:
> Ed
> 
> 
> See the book "Network Security with OpenSSL."
> 
> With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the
> right seed.
> 
> If you're creating 128-bit keys you should use 128 bits of entropy; anything
> less than 64 bits may not be secure enough.
> I am not sure how nBytes is read.  To get 128 bits of entropy you should use
> nBytes = 16. Right?
> 
> However at nBytes = 128 it takes about 55 seconds to gather entropy on
> Windows.
> 
> 
> Marcus
> 
> 
> 
> ----- Original Message -----
> From: "Edward Chan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, October 22, 2002 1:13 PM
> Subject: Re: anybody using EGADS?
> 
> 
> > Hi Stephen,
> >
> > Thanks for the reply.  You're absolutely right.  It
> > does appear that I am not blocked indefinitely...it
> > certainly does take a while to gather entropy.  I was
> > using nBytes = 1024.  Then I tried 512.  Still very
> > long time.
> >
> > Any suggestions on what a number should be for
> > acceptable randomness?
> >
> > Does anybody have any alternative suggestions?  Does
> > anybody know how Apache seeds the OpenSSL PRNG on
> > Windows?  I think Apache uses OpenSSL don't they?
> >
> > Thanks,
> > Ed
> >
> > --- "Stephen G. Schoggen" <[EMAIL PROTECTED]> wrote:
> > > Ed,
> > >
> > > I tried EGADS on Windows (PIII 866) and found that its time to
> > > 'gather entropy' was noticeable beyond nBytes=4.  So if you use a
> > > relatively large nBytes, then it would appear to block.
> > >
> > > Steve
> > >
> > >
> > > >Hi there,
> > > >
> > > >Is anybody using EGADS on Windows?  I'm having a
> > > >problem using it.  I've downloaded the source and
> > > >built everything.  The egads service is running.  I've
> > > >written a program that links with egads.dll.  I have a
> > > >function that tries to seed the OpenSSL PRNG :
> > > >
> > > >bool seedPRNG(int nBytes)
> > > >{
> > > >    prngctx_t ctx;
> > > >    int nError;
> > > >
> > > >    // Connect to the EGADS service.
> > > >    egads_init(&ctx, 0, 0, &nError);
> > > >    if (nError != 0)
> > > >    {
> > > >        DEBUG_TRACE1(_T("egads_init() failed : %d (Is egads service running???)"), nError);
> > > >        return false;
> > > >    }
> > > >
> > > >    // Request nBytes of entropy from EGADS.
> > > >    char* pBuf = new char[nBytes + 1];
> > > >    egads_entropy(&ctx, pBuf, nBytes, &nError);
> > > >    bool bOK = (0 == nError);
> > > >    if (bOK)
> > > >    {
> > > >        // Seed the OpenSSL PRNG with the gathered bytes.
> > > >        RAND_seed(pBuf, nBytes);
> > > >    }
> > > >    delete [] pBuf;
> > > >
> > > >    egads_destroy(&ctx);
> > > >    return bOK;
> > > >}
> > > >
> > > >However, I seem to be blocking inside (presumably as
> > > >egads gathers entropy), but it seems like I never
> > > >unblock.  Can anybody tell me what I'm doing wrong?
> > > >
> > > >Thanks,
> > > >Ed
> > > >
> > > >__________________________________________________
> > > >Do you Yahoo!?
> > > >Y! Web Hosting - Let the expert host your web site
> > > >http://webhosting.yahoo.com/
> > > >______________________________________________________________________
> > > >OpenSSL Project                                 http://www.openssl.org
> > > >User Support Mailing List                    [EMAIL PROTECTED]
> > > >Automated List Manager                           [EMAIL PROTECTED]
> > >
> > >
> >
>
______________________________________________________________________
> > > OpenSSL Project
> > > http://www.openssl.org
> > > User Support Mailing List
> > > [EMAIL PROTECTED]
> > > Automated List Manager
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Y! Web Hosting - Let the expert host your web site
> > http://webhosting.yahoo.com/
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                   
> [EMAIL PROTECTED]
> > Automated List Manager                          
> [EMAIL PROTECTED]
> 
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
[EMAIL PROTECTED]


__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to