> On 31 May 2018, at 1:35 AM, Michael Wojcik <michael.woj...@microfocus.com> 
> wrote:
> 
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of FooCrypt
>> Sent: Wednesday, May 30, 2018 10:46
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] PRNG is not seeded
>> 
>>> On 30 May 2018, at 11:55 PM, Michael Wojcik
>> <michael.woj...@microfocus.com> wrote:
>>> 
>>> Where would openssl rand be getting its entropy from, in this case? You
>> have a circular dependency: openssl needs entropy, so it tries to get it from
>> PRNGD; and you're asking openssl to put entropy into PRNGD.
>>> 
>> 
>> Usage: rand [options] num
> 
> Spare me, please.
> 
>> RAND(1) describes the multiplicity of sources that can all be used together in
>> some detail.
> 
> And why do you think this solves the problem?

Well, it’s HP’s problem, not openssl’s.

> 
>>       The rand command outputs num pseudo-random bytes after seeding the
>> random number generator once.
> 
> So all the entropy you can get from the output of "openssl rand" is whatever 
> OpenSSL was able to gather when it seeded the PRNG. Which is exactly the 
> problem Scott was trying to solve.
> 
>> Make some .rnd’s
> 
> YOU STILL HAVE TO FIND ENTROPY TO PUT IN THEM. All you're doing is pushing 
> the problem around the plate.

Generate them on another host.

> 
>> 
>>      dd if=/dev/[SOMEDEVICE] of=~/.rnd bs=1 count=1024
> 
> Where [SOMEDEVICE] is your magical unicorn entropy device?

Well, it's not /dev/random; it's an HPE NonStop with no entropy that stops the 
application.


> 
>> Make an engine
> 
> I already mentioned the engine interface in my previous response. And if this 
> is an option for Scott, it would be much better to use the engine in his 
> application, rather than going through the rigamarole of running "openssl 
> rand" to grab some entropy from it. The command-line utility is useful iff he 
> can't change the application.

HPE NonStops don’t have DTrace

> 
>>      Microphones work wonders
> 
> No, they really don't. Look at the literature. (And, again, I mentioned 
> sensors in my previous response.)
> 
>> and you can play with the sound, count,
>> etc….etc….etc...
> 
> Cargo-cult entropy gathering. It may be fine under a given threat model, but 
> we have no idea what Scott's is. As general advice it's poor.

Probably financial sector, with PCI compliance, and they can't afford 
/dev/random or /dev/urandom.


> 
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
> 
> 
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
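
The point argued in the thread above, that output from a PRNG seeded once holds no more entropy than its seed and that passing it through a second generator (the openssl to PRNGD loop) adds none, can be checked by enumeration. This is an added example, not part of the original messages and not OpenSSL code: `expand`, `distinct_seed_files` and `entropy_report` are hypothetical names, the SHA-256 counter-mode generator is a stand-in, and the 12-bit seed is a constructed toy value.

```python
import hashlib
import math


def expand(seed: bytes, num: int) -> bytes:
    """Stretch seed into num bytes with SHA-256 in counter mode.

    Hypothetical stand-in for any PRNG that is seeded once and then
    asked for num bytes; this is not OpenSSL's generator.
    """
    out = bytearray()
    counter = 0
    while len(out) < num:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:num])


def distinct_seed_files(seed_bits: int, file_len: int = 1024, hops: int = 1) -> int:
    """Count the distinct file_len-byte files reachable from seed_bits of seed.

    hops > 1 models feeding one generator's output into the next as its
    seed, as in the openssl -> PRNGD -> openssl loop discussed above.
    """
    seen = set()
    for s in range(2 ** seed_bits):
        data = s.to_bytes((seed_bits + 7) // 8, "big")
        for _ in range(hops):
            data = expand(data, file_len)
        seen.add(hashlib.sha256(data).digest())  # store a digest, not 1 KiB
    return len(seen)


def entropy_report(seed_bits: int, file_len: int = 1024, hops: int = 1) -> dict:
    """Compare the file's nominal size with the entropy it can actually hold."""
    n = distinct_seed_files(seed_bits, file_len, hops)
    return {
        "nominal_bits": 8 * file_len,
        "max_entropy_bits": math.log2(n),
    }


if __name__ == "__main__":
    # Constructed parameters: a 12-bit seed is tiny on purpose so the
    # whole seed space can be enumerated quickly.
    print(entropy_report(12))          # one generator
    print(entropy_report(12, hops=3))  # output re-fed as seed three times
```

A 1024-byte seed file looks like 8192 bits, but the count of reachable files never exceeds the number of seeds, however many generators the data passes through.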
