Ted Mittelstaedt wrote:

Actually, regardless of the cipher you use, unless you have
a truly random source of numbers, you're going to undermine the
strength of your encryption.  For an embedded system, such a
thing has to be designed in from the get-go, as a software
PRNG is generally nowhere near good enough.

The AMD and Intel CPUs both have hardware random number
generators on-chip.  That is, the most advanced and expensive
CPUs do.  I don't know that these are in common use among
embedded systems yet, though.

Hardware Random Bit Generators have variable bit rates, and
maximum bit rates that peak at about 16k bps.  This isn't
enough material for padding, keys, nonces, etc. on a busy
server.

The solution still is to create a /dev/random style device with
a strong PRNG (Yarrow, Tenebras) taking random bits as they
become available from the true source of randomness to perturb
the internal state.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
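
The design in the last paragraph of the message above, as an added sketch that is not part of the original post or of OpenSSL: a generator that serves bulk output from internal state and folds in hardware bits whenever they arrive. It uses a simplified HMAC-SHA256 construction in the style of NIST HMAC_DRBG as a stand-in for Yarrow; the class name, method names and sample bytes are assumptions.

```python
import hashlib
import hmac


class ReseedablePRNG:
    """Simplified HMAC-SHA256 generator (HMAC_DRBG style), not Yarrow itself."""

    def __init__(self, seed: bytes):
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self.since_reseed = 0  # bytes handed out since the last hardware input
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Fold data into (key, val); with empty data this only ratchets the state.
        self.key = self._mac(self.val + b"\x00" + data)
        self.val = self._mac(self.val)
        if data:
            self.key = self._mac(self.val + b"\x01" + data)
            self.val = self._mac(self.val)

    def perturb(self, hw_bits: bytes) -> None:
        """Mix in bits whenever the slow hardware source delivers them."""
        self._update(hw_bits)
        self.since_reseed = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.val = self._mac(self.val)
            out += self.val
        self._update()  # ratchet: a later state capture cannot recompute this output
        self.since_reseed += n
        return out[:n]


def demo():
    # Constructed stand-ins for hardware output; a real device would read the HRBG.
    seed, trickle = bytes(range(32)), b"\xa5\x3c"
    a, b = ReseedablePRNG(seed), ReseedablePRNG(seed)
    same_before = a.read(4096) == b.read(4096)  # bulk output from 32 seed bytes
    a.perturb(trickle)                          # only `a` receives the 16 new bits
    differ_after = a.read(32) != b.read(32)
    return same_before, differ_after, a.since_reseed, b.since_reseed
```

The `since_reseed` counter is what a device would watch to decide when output has outrun the hardware source and a fresh `perturb` is due.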
