F. wrote:
> Any way to collect only from HRNG?
> This can be a choice or not?
>   
>> e_os.h
>>
>> #ifndef DEVRANDOM 
>> /* set this to a comma-separated list of 'random' device files to try out. 
>>  * By default, we will try to read at least one of these files */
>> #define DEVRANDOM "/dev/random"                                            
>> #endif  
>>     

Yes, this will assure that additional entropy will be mixed in from
/dev/random only.
Please note that still the OpenSSL internal PRNG will be used, it is just
the seed that is used from specific sources. If you add seed explicitly
the part loaded via DEVRANDOM is only "on top". We also add
process ids, system time etc for good measure just to stir the pool
as "on top" does not hurt.

If you do not agree with this policy you can add an engine code to
provide the internally used random numbers according to your
policy.

Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
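
Added example, not part of the original message and not OpenSSL code: one way to do the "add seed explicitly" step from a single chosen device, refusing anything that is not a character device and any short read. The names seed_from_device, seed_sink and count_sink are hypothetical; the sink has the same signature as RAND_add, so with OpenSSL you would pass RAND_add and link libcrypto, and the internal PRNG still produces the output.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same shape as OpenSSL's RAND_add(buf, num, entropy in bytes). */
typedef void (*seed_sink)(const void *buf, int num, double entropy);

/* Hypothetical stand-in sink so this builds without libcrypto: counts bytes. */
static int sink_bytes;
static void count_sink(const void *b, int num, double e) { (void)b; (void)e; sink_bytes += num; }

/* Read exactly n bytes (n <= 64) from the character device at path and pass
 * them to sink, claiming n bytes of entropy. Returns n, or -1 if the path is
 * not a character device or the read comes up short. */
int seed_from_device(const char *path, int n, seed_sink sink)
{
    unsigned char buf[64];
    struct stat st;
    int fd, got = 0;

    if (n <= 0 || n > (int)sizeof buf || (fd = open(path, O_RDONLY)) < 0)
        return -1;
    /* A regular file planted at the path is not an RNG device. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < n) {
        ssize_t r = read(fd, buf + got, (size_t)(n - got));
        if (r > 0)
            got += (int)r;
        else if (r == 0 || errno != EINTR)
            break;                  /* EOF or hard error: give up */
    }
    close(fd);
    if (got == n)
        sink(buf, n, (double)n);
    memset(buf, 0, sizeof buf);     /* best-effort wipe of the seed copy */
    return got == n ? n : -1;
}

int main(void)
{
    int r = seed_from_device("/dev/random", 32, count_sink);
    printf("seed_from_device: %d (sink saw %d bytes)\n", r, sink_bytes);
    return r == 32 ? 0 : 1;
}
```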