On Thu May 19 2011, Tim Watts wrote:
> I think I might add some "randomness" into mine - seems easy enough. I 
> won't pretend I fully understand why - mostly because I wasn't clear why 
> the serial is important.
> 

If your CPU has a 'time stamp register' (cycle counts since power-up) -
You can grab those contents as your counter (usually 8 bytes worth).
Since this counter advances rapidly (GHz range today) it is unlikely
you will ever have two machines, or two serial number creations, that
strike at the same clock cycle since power-up.
(That's a pretty small target to hit.)

Usually that will cost you one or two machine cycles to read the counter.
Relatively fast way to get "an 8 byte number I haven't used before".

Concatenate that with 8 bytes of something else of your choice that
doesn't vary with the clock cycles since power up.
If truly paranoid - 'whiten' with the hash function of your choice.
(or with AES as in another post here - many machines can do AES in hardware.)

Mike

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
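
The construction described in the reply above, as an added example that is not part of the original post: 8 fixed bytes followed by the 8-byte time stamp counter. The byte order, the cleared top bit (so the value stays a positive integer for use as a certificate serial), the sample `machine_id` and the non-x86 fallback are assumptions of this example, and the optional whitening step is left out because it needs a crypto library.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#endif

/* Cycles since power-up. Non-x86 builds fall back to the monotonic clock
 * (an assumption of this example; it advances far more slowly than a TSC). */
static uint64_t cycle_counter(void) {
#if defined(__x86_64__) || defined(__i386__)
    return __rdtsc();
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* serial = 8 fixed bytes || 8 counter bytes (big-endian), top bit cleared
 * so the value stays a positive integer when used as a certificate serial. */
static void make_serial(const uint8_t fixed[8], uint64_t counter, uint8_t out[16]) {
    memcpy(out, fixed, 8);
    for (int i = 0; i < 8; i++)
        out[8 + i] = (uint8_t)(counter >> (56 - 8 * i));
    out[0] &= 0x7f;
}

/* Hex form, e.g. for `openssl x509 -set_serial 0x...`; hex needs 33 bytes. */
static void serial_hex(const uint8_t serial[16], char hex[33]) {
    for (int i = 0; i < 16; i++)
        snprintf(hex + 2 * i, 3, "%02x", (unsigned)serial[i]);
}

int main(void) {
    /* Constructed sample value: 8 bytes that do not vary with the clock. */
    static const uint8_t machine_id[8] = {0xc0, 0xff, 0xee, 0x00, 0x12, 0x34, 0x56, 0x78};
    uint8_t serial[16];
    char hex[33];
    make_serial(machine_id, cycle_counter(), serial);
    serial_hex(serial, hex);
    printf("0x%s\n", hex);
    return 0;
}
```

A serial built this way is unique with high probability but predictable to anyone who can estimate uptime; hashing it does not add entropy.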
