Great. Thanks for the info. 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bernhard Froehlich
> Sent: Monday, January 31, 2005 11:39 PM
> To: openssl-users@openssl.org
> Subject: Re: Seed PRNG on Windows
> 
> Edward Chan wrote:
> 
> >Thanks.  I guess I should have done that first.  My apologies.  But I 
> >couldn't find the answer to my next question.  If the PRNG is already 
> >seeded using the Crypto API, how many bits of entropy are used to seed it?
> >  
> >
> The following code is in crypto/rand/rand_win.c:
> 
>  >>>>>>>>>>>>>>>>>>>>>>
>     BYTE buf[64];
> .
> .
> .
>         if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
>             CRYPT_VERIFYCONTEXT))
>             {
>             if (gen(hProvider, sizeof(buf), buf) != 0)
>                 {
>                 RAND_add(buf, sizeof(buf), 0);
> #if 0
>                 printf("randomness from PROV_RSA_FULL\n");
> #endif
>                 }
>             release(hProvider, 0);
>             }
> <<<<<<<<<<<<<<<<<<<<<<<<
> 
> So IMHO there are at least 64 Bytes (or 512 Bits) of added 
> entropy on each call of RAND_poll.
> In addition, some network statistics as well as memory status, 
> current cursor position and several other things are added to 
> the random pool if they can be acquired (which should be the 
> case on a Win2000+ machine). 
> Hard to guess the entropy from that, but I think it might be 
> an additional 32 to 64 Bytes.
> 
> Note that on Windows CE it might be considerably less since I 
> do not know if the Crypto API is available on every platform.
> 
> So the added entropy per call is fixed, if you need more you 
> can use additional calls to RAND_poll. And of course you can 
> still use RAND_add yourself if you have a reliable source of 
> randomness.
> 
> >On linux, I make it configurable thru a call to
> >
> >RAND_load_file("/dev/random/", iEntropy); // iEntropy = # bytes of entropy to use
> >
> >Is this correct for linux?
> >  
> >
> It sounds correct, but my knowledge in this area on Linux is 
> considerably lower... ;)
> 
> >Thanks,
> >Ed
> >  
> >
> Ted
> ;)
> 
> --
> PGP Public Key Information
> Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
> Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
> 
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
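
An added example, not part of the original thread and not OpenSSL code: one way on Linux to collect a fixed number of seed bytes from a random device before handing them to RAND_add, verifying that the path is a character device and that the full count was actually read. The helper name read_seed_bytes and the use of /dev/urandom in main are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not an OpenSSL function): read exactly `want` bytes
 * from a random device into `buf`.
 * Returns `want` on success and -1 on any failure, so the caller never
 * credits the pool with more bytes than were really obtained. */
long read_seed_bytes(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;            /* e.g. ENOTDIR for a path with a trailing '/' */

    /* Refuse directories, regular files and FIFOs: expect a char device. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }

    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0)
            got += (size_t)n; /* short reads are possible; keep going */
        else if (n < 0 && errno == EINTR)
            continue;         /* interrupted by a signal: retry */
        else
            break;            /* EOF (e.g. /dev/null) or hard error */
    }
    close(fd);
    return got == want ? (long)got : -1;
}

int main(void)
{
    unsigned char buf[64];    /* same size as buf[] in the rand_win.c excerpt */
    long n = read_seed_bytes("/dev/urandom", buf, sizeof(buf));

    /* On success the buffer could be passed on with RAND_add(buf, n, ...). */
    printf("read %ld seed bytes\n", n);
    return n == (long)sizeof(buf) ? 0 : 1;
}
```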
