Re: OpenSSL Key Generation GUI for Windows
At 12:55 27.01.2002 +, you wrote:
> I'm thinking of writing a small GUI application that implements just the 2 following functions of:
> * Create a self-signed certificate
> * Create a private key
>
> First, is there such an application already around (I can't find any), and secondly, would a random seed made from the current time (date, hour, minutes, seconds, ms) be okay (this would be running under Windows)?

No! (regarding the random seed) Netscape has (afaik) used such a seeding (time and process id) in early versions of their browsers. The resulting keys were broken in just one or two hours with a simple PC (today it would probably be just minutes). Look into the OpenSSL sources, in crypto/rand is some code for gathering entropy material under Windows (iirc).

Ciao,
Richard Könning

--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: [EMAIL PROTECTED]
__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       [EMAIL PROTECTED]
Automated List Manager          [EMAIL PROTECTED]
RE: OpenSSL Key Generation GUI for Windows
I was under the impression that on Windows OpenSSL uses RAND_screen which will obtain random data from the screen and mouse events? Shouldn't you use that?

- Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485

-Original Message-
From: Richard Koenning [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 7:39 AM
To: [EMAIL PROTECTED]
Subject: Re: OpenSSL Key Generation GUI for Windows

At 12:55 27.01.2002 +, you wrote:
> I'm thinking of writing a small GUI application that implements just the 2 following functions of:
> * Create a self-signed certificate
> * Create a private key
>
> First, is there such an application already around (I can't find any), and secondly, would a random seed made from the current time (date, hour, minutes, seconds, ms) be okay (this would be running under Windows)?

No! (regarding the random seed) Netscape has (afaik) used such a seeding (time and process id) in early versions of their browsers. The resulting keys were broken in just one or two hours with a simple PC (today it would probably be just minutes). Look into the OpenSSL sources, in crypto/rand is some code for gathering entropy material under Windows (iirc).

Ciao,
Richard Könning

--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: [EMAIL PROTECTED]
RE: OpenSSL Key Generation GUI for Windows
> I was under the impression that on Windows OpenSSL uses RAND_screen which will obtain random data from the screen and mouse events? Shouldn't you use that?

OpenSSL uses a combination of methods including walking the Process and Thread tables; importing network state information; walking the memory allocation tables; reading screen data; and including data from the Windows crypto APIs.

Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]

C-Kermit 8.0 available now!!! includes Telnet, FTP and HTTP secured with Kerberos, SRP, and OpenSSL. Interfaces with OpenSSH
RE: OpenSSL Key Generation GUI for Windows
At 09:09 28.01.2002 -0500, you wrote:
> I was under the impression that on Windows OpenSSL uses RAND_screen which will obtain random data from the screen and mouse events? Shouldn't you use that?

Exactly this function (in crypto/rand/rand_win.c) I had on my mind, but I was too lazy to look up the name. Jeffrey has already described in more detail how this function gathers entropy.

Ciao,
Richard

--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: [EMAIL PROTECTED]
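
An added illustration of the question this thread answers (not code from any poster or from OpenSSL): a seed built only from the clock holds no more entropy than the uncertainty about when the key was created, so every candidate can simply be tried. Python's `random` module stands in here for any deterministic generator; the timestamp, the window and all function names are constructed for the example.

```python
import hashlib
import math
import random
import secrets


def seed_entropy_bits(window_seconds, resolution_ms=1):
    """Upper bound, in bits, on a clock-only seed when the creation time
    is known to within window_seconds."""
    return math.log2(window_seconds * 1000 / resolution_ms)


def key_from_time_seed(seed_ms, nbytes=16):
    """Toy key: bytes from a deterministic PRNG seeded only with a timestamp."""
    rng = random.Random(seed_ms)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def fingerprint(key):
    """Stand-in for the public value derived from a key (e.g. a certificate)."""
    return hashlib.sha256(key).digest()


def recover_seed(public_fp, start_ms, end_ms):
    """Try every millisecond in [start_ms, end_ms); return the matching seed."""
    for candidate in range(start_ms, end_ms):
        if fingerprint(key_from_time_seed(candidate)) == public_fp:
            return candidate
    return None


def key_from_os_csprng(nbytes=16):
    """What the key generator should use: the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)


# Constructed scenario: key created at CREATED_MS; the file or certificate
# timestamp reveals that moment to within +/- 5 seconds.
CREATED_MS = 1_012_222_500_123
WINDOW_MS = 5_000

if __name__ == "__main__":
    fp = fingerprint(key_from_time_seed(CREATED_MS))
    found = recover_seed(fp, CREATED_MS - WINDOW_MS, CREATED_MS + WINDOW_MS)
    print("seed recovered:", found == CREATED_MS)
    print("bits, 10 s window: %.1f" % seed_entropy_bits(10))
    print("bits, 1 day window: %.1f" % seed_entropy_bits(86400))
    print("bits from OS CSPRNG:", 8 * len(key_from_os_csprng()))
```

Even with a full day of uncertainty the seed stays below 27 bits, which is why the seed material has to come from the operating system's entropy sources rather than the clock.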