F. wrote: > Any way to collect only from HRNG? > This can be a choice or not? > >> e_os.h >> >> #ifndef DEVRANDOM >> /* set this to a comma-separated list of 'random' device files to try out. >> * My default, we will try to read at least one of these files */ >> #define DEVRANDOM "/dev/random" >> #endif >>
Yes, this will assure that additional entropy will be mixed in from /dev/random only. Please not that still the OpenSSL internal PRNG will be used, it is just the seed that is used from specific sources. If you add seed explicitly the part loaded via DEVRANDOM is only "on top". We also add process ids, system time etc for good measure just to stir the pool as "on top" does not hurt. If you do not agree with this policy you can add an engine code to provide the internally used random numbers according to your policy. Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]