Ah, thanks Marcus. We're talking bits, not bytes, I see. In that case, I'm using way too big a number.
Thanks, Ed --- Marcus Carey <[EMAIL PROTECTED]> wrote: > Ed > > > See the book "Network Security with OpensSSL." > > With 4 bits of entropy, an attacker has 1 in 16 > chances of guessing the > right seed. > > If you're creating 128-bit keys you should use 128 > bits of entropy anything > less than 64 bits may not be secure enough. > I am not sure how nBytes is read. To get 128 bits > of entropy you should use > nBytes = 16. Right? > > However at nBytes = 128 it takes about 55 seconds to > gather entropy on > Windows. > > > Marcus > > > > ----- Original Message ----- > From: "Edward Chan" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, October 22, 2002 1:13 PM > Subject: Re: anybody using EGADS? > > > > Hi Stephen, > > > > Thanks for the reply. You're absolutely right. > It > > does appear that I am not blocked > indefinitely...it > > certainly does take a while to gather entropy. I > was > > using nBytes = 1024. Then I tried 512. Still > very > > long time. > > > > Any suggestions on what a number should be for > > acceptable randomness? > > > > Does anybody have any alternative suggestions? > Does > > anybody know how Apache seeds the OpenSSL PRNG on > > Windows? I think Apache uses OpenSSL don't they? > > > > Thanks, > > Ed > > > > --- "Stephen G. Schoggen" > <[EMAIL PROTECTED]> > > wrote: > > > Ed, > > > > > > I tried EGADS on Windows (PIII 866) and found > that > > > it's time to > > > 'gather entropy' was noticeable beyond nBytes=4. > So > > > if you use a > > > relatively large nBytes, then it would appear to > > > block. > > > > > > Steve > > > > > > > > > >Hi there, > > > > > > > >Is anybody using EGADS on Windows? I'm having > a > > > >problem using it. I've downloaded the source > and > > > >built everything. The egads service is > running. > > > I've > > > >written a program that links with egads.dll. I > > > have a > > > >function that tries to see the OpenSSL PRNG : > > > > > > > >bool seedPRNG(int nBytes) > > > >{ > > > > prngctx_t ctx; > > > > int nError; > > > > > > > > egads_init(&ctx, 0, 0, &nError); > > > > if (nError != 0) > > > > { > > > > DEBUG_TRACE1(_T("egads_init() failed : %d (Is > > > egads > > > >service running???)"), nError); > > > > return false; > > > > } > > > > > > > > char* pBuf = new char[nBytes + 1]; > > > > egads_entropy(&ctx, pBuf, nBytes, &nError); > > > > bool bOK = (0 == nError); > > > > if (bOK) > > > > { > > > > RAND_seed(pBuf, nBytes); > > > > } > > > > delete [] pBuf; > > > > > > > > egads_destroy(&ctx); > > > > return bOK; > > > >} > > > > > > > >However, I seem to be blocking inside > (presumably > > > as > > > >egads gathers entropy), but it seems like I > never > > > >unblock. Can anybody tell me what I'm doing > wrong? > > > > > > > >Thanks, > > > >Ed > > > > > > > > >__________________________________________________ > > > >Do you Yahoo!? > > > >Y! Web Hosting - Let the expert host your web > site > > > >http://webhosting.yahoo.com/ > > > > > > >______________________________________________________________________ > > > >OpenSSL Project > > > http://www.openssl.org > > > >User Support Mailing List > > > [EMAIL PROTECTED] > > > >Automated List Manager > > > [EMAIL PROTECTED] > > > > > > > > > ______________________________________________________________________ > > > OpenSSL Project > > > http://www.openssl.org > > > User Support Mailing List > > > [EMAIL PROTECTED] > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > __________________________________________________ > > Do you Yahoo!? > > Y! Web Hosting - Let the expert host your web site > > http://webhosting.yahoo.com/ > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]