Re: anybody using EGADS?
The OpenSSL PRNG feels that it is fully seeded with 160 bits, i.e. 20 bytes of entropy. In rand_lcl.h the symbol ENTROPY_NEEDED is defined to 20. In 0.9.6g at least.

Tim

--- Edward Chan [EMAIL PROTECTED] wrote:
> Hi Stephen,
>
> Thanks for the reply. You're absolutely right. It does appear that I am not blocked indefinitely...it certainly does take a while to gather entropy. I was using nBytes = 1024. Then I tried 512. Still a very long time. Any suggestions on what a number should be for acceptable randomness?
>
> Does anybody have any alternative suggestions? Does anybody know how Apache seeds the OpenSSL PRNG on Windows? I think Apache uses OpenSSL, don't they?
>
> Thanks,
> Ed
>
> --- Stephen G. Schoggen [EMAIL PROTECTED] wrote:
> > Ed,
> >
> > I tried EGADS on Windows (PIII 866) and found that its time to 'gather entropy' was noticeable beyond nBytes=4. So if you use a relatively large nBytes, then it would appear to block.
> >
> > Steve
> >
> > > Hi there,
> > >
> > > Is anybody using EGADS on Windows? I'm having a problem using it. I've downloaded the source and built everything. The egads service is running. I've written a program that links with egads.dll. I have a function that tries to seed the OpenSSL PRNG:
> > >
> > > #include <egads.h>
> > > #include <openssl/rand.h>
> > >
> > > bool seedPRNG(int nBytes)
> > > {
> > >     prngctx_t ctx;
> > >     int nError;
> > >
> > >     // Connect to the running egads service.
> > >     egads_init(&ctx, 0, 0, &nError);
> > >     if (nError != 0)
> > >     {
> > >         DEBUG_TRACE1(_T("egads_init() failed : %d (Is egads service running???)"), nError);
> > >         return false;
> > >     }
> > >
> > >     char* pBuf = new char[nBytes + 1];
> > >
> > >     // Blocks until nBytes of entropy have been gathered.
> > >     egads_entropy(&ctx, pBuf, nBytes, &nError);
> > >     bool bOK = (0 == nError);
> > >     if (bOK)
> > >     {
> > >         RAND_seed(pBuf, nBytes);
> > >     }
> > >
> > >     delete [] pBuf;
> > >     egads_destroy(&ctx);
> > >
> > >     return bOK;
> > > }
> > >
> > > However, I seem to be blocking inside (presumably as egads gathers entropy), but it seems like I never unblock. Can anybody tell me what I'm doing wrong?
> > >
> > > Thanks,
> > > Ed
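Added example (not part of the thread, and not EGADS or OpenSSL code): one way to size and bound the seeding step discussed above. It asks only for the 20 bytes that ENTROPY_NEEDED calls for, in 4-byte chunks, so the caller regains control between calls; `EntropySource`, `SeedSink`, `seedInChunks` and `makeFakeSource` are hypothetical names, and the two callbacks stand in for `egads_entropy()` and `RAND_add()`.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <functional>
#include <memory>
#include <vector>

// 160 bits: the ENTROPY_NEEDED value quoted from rand_lcl.h in the thread.
constexpr std::size_t kEntropyNeededBytes = 20;

// Fills buf with n bytes; returns false on failure.
// Hypothetical stand-in for a wrapper around egads_entropy().
using EntropySource = std::function<bool(unsigned char* buf, std::size_t n)>;

// Mixes n bytes into the PRNG and credits `credit` bytes of entropy.
// Hypothetical stand-in for a wrapper around RAND_add(buf, n, credit).
using SeedSink =
    std::function<void(const unsigned char* buf, std::size_t n, double credit)>;

struct SeedResult {
    bool ok;            // true once neededBytes have been mixed in
    std::size_t bytes;  // bytes actually gathered and credited
    std::size_t calls;  // calls made to the entropy source
};

// Gather exactly neededBytes, chunkBytes at a time. Each source call is short,
// so a caller can log progress or give up between chunks instead of sitting
// in one long blocking request for hundreds of bytes.
SeedResult seedInChunks(const EntropySource& source, const SeedSink& sink,
                        std::size_t neededBytes = kEntropyNeededBytes,
                        std::size_t chunkBytes = 4) {
    SeedResult r{false, 0, 0};
    if (chunkBytes == 0) return r;
    std::vector<unsigned char> buf(chunkBytes);
    while (r.bytes < neededBytes) {
        const std::size_t want = std::min(chunkBytes, neededBytes - r.bytes);
        ++r.calls;
        if (!source(buf.data(), want)) break;  // keep partial progress, report failure
        sink(buf.data(), want, static_cast<double>(want));
        r.bytes += want;
    }
    // Best-effort wipe; real code should use a wipe the compiler cannot
    // optimise away, such as OPENSSL_cleanse().
    std::fill(buf.begin(), buf.end(), static_cast<unsigned char>(0));
    r.ok = (r.bytes >= neededBytes);
    return r;
}

// Constructed test double, NOT an entropy source: writes a fixed byte pattern
// and fails on call number failOnCall (0 means never fail).
EntropySource makeFakeSource(std::size_t failOnCall) {
    auto calls = std::make_shared<std::size_t>(0);
    return [calls, failOnCall](unsigned char* buf, std::size_t n) {
        if (++*calls == failOnCall) return false;
        std::memset(buf, 0xA5, n);
        return true;
    };
}

int main() {
    double credited = 0.0;
    SeedSink sink = [&credited](const unsigned char*, std::size_t, double c) {
        credited += c;
    };
    const SeedResult r = seedInChunks(makeFakeSource(0), sink);
    std::printf("ok=%d bytes=%zu calls=%zu credited=%.0f\n",
                r.ok ? 1 : 0, r.bytes, r.calls, credited);
    return r.ok ? 0 : 1;
}
```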
Re: anybody using EGADS?
Ed,

I am not sure about its entropy but you can use the egads_randstring() function to generate data which is faster than calling egads_entropy() directly. I have used it with nBytes = 1024 and it only takes a few seconds.

Marcus

----- Original Message -----
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 10:52 PM
Subject: Re: anybody using EGADS?

> Ah, thanks Marcus. We're talking bits, not bytes, I see. In that case, I'm using way too big a number.
>
> Thanks,
> Ed
Re: anybody using EGADS?
Hi Stephen,

Thanks for the reply. You're absolutely right. It does appear that I am not blocked indefinitely...it certainly does take a while to gather entropy. I was using nBytes = 1024. Then I tried 512. Still a very long time. Any suggestions on what a number should be for acceptable randomness?

Does anybody have any alternative suggestions? Does anybody know how Apache seeds the OpenSSL PRNG on Windows? I think Apache uses OpenSSL, don't they?

Thanks,
Ed

--- Stephen G. Schoggen [EMAIL PROTECTED] wrote:
> Ed,
>
> I tried EGADS on Windows (PIII 866) and found that its time to 'gather entropy' was noticeable beyond nBytes=4. So if you use a relatively large nBytes, then it would appear to block.
>
> Steve
Re: anybody using EGADS?
Not exactly open source, but
http://www.intel.com/design/security/rng/rng-capi.htm
Accessing the Intel® Random Number Generator through a CSP for Microsoft* CryptoAPI
describes how to access the Intel *hardware* RNG. Might be of some use to you on Windows platforms.

(I believe some *NIXs use the same hardware to populate /dev/random when on Intel platforms.)

Edward Chan [EMAIL PROTECTED]
Sent by: owner-openssl-users@openssl.org
10/22/2002 01:13 PM
Please respond to openssl-users
To: [EMAIL PROTECTED]
cc:
Subject: Re: anybody using EGADS?

> Hi Stephen,
>
> Thanks for the reply. You're absolutely right. It does appear that I am not blocked indefinitely...it certainly does take a while to gather entropy. I was using nBytes = 1024. Then I tried 512. Still a very long time. Any suggestions on what a number should be for acceptable randomness?
>
> Does anybody have any alternative suggestions? Does anybody know how Apache seeds the OpenSSL PRNG on Windows? I think Apache uses OpenSSL, don't they?
>
> Thanks,
> Ed
Re: anybody using EGADS?
Hi Ed,

Knowing very little about any of this cryptography stuff, I have no idea what value of nBytes is enough. I think the wisdom, though, is that it depends upon your situation. From what I've read, the whole purpose of cryptography is to make it too difficult for an attacker to succeed with an attack. Obviously, how much effort you have to make to thwart an attack depends to a significant degree upon how much effort the attacker is willing to make. That would depend upon how valuable the information is, etc.

In my particular application of SSL, I don't think the information being transferred is terribly sensitive. So I just chose to use RAND_screen() on Windows to seed the PRNG. Although Viega et al., page 99 (Network Security with OpenSSL, O'Reilly), makes it clear that he thinks RAND_screen() is a poor choice at best, it is described as using a hash of the current screen scan-lines for entropy. I'm no math whiz, but it's hard for me to see how any attacker could determine what the results of that are, regardless of effort. Perhaps if the attacker can see the screen...

I conclude that with cryptography, as with other things in life, we all just have to decide when enough is enough and move on.

Steve

> Not exactly open source, but
> http://www.intel.com/design/security/rng/rng-capi.htm
> Accessing the Intel® Random Number Generator through a CSP for Microsoft* CryptoAPI
> describes how to access the Intel *hardware* RNG. Might be of some use to you on Windows platforms.
>
> (I believe some *NIXs use the same hardware to populate /dev/random when on Intel platforms.)
Re: anybody using EGADS?
Ed,

See the book Network Security with OpenSSL. With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the right seed. If you're creating 128-bit keys you should use 128 bits of entropy; anything less than 64 bits may not be secure enough.

I am not sure how nBytes is read. To get 128 bits of entropy you should use nBytes = 16. Right? However at nBytes = 128 it takes about 55 seconds to gather entropy on Windows.

Marcus

----- Original Message -----
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 1:13 PM
Subject: Re: anybody using EGADS?

> Hi Stephen,
>
> Thanks for the reply. You're absolutely right. It does appear that I am not blocked indefinitely...it certainly does take a while to gather entropy. I was using nBytes = 1024. Then I tried 512. Still a very long time. Any suggestions on what a number should be for acceptable randomness?
>
> Does anybody have any alternative suggestions? Does anybody know how Apache seeds the OpenSSL PRNG on Windows? I think Apache uses OpenSSL, don't they?
>
> Thanks,
> Ed
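Added example (not from the thread or from the book it cites): the point made above, that the seed's entropy rather than the key's length bounds the number of possible keys, checked by enumeration, together with the bits-to-bytes conversion for nBytes. The generator is splitmix64, a toy stand-in chosen because it is short and deterministic; it is not OpenSSL's PRNG, and every function name here is hypothetical.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>

// A 128-bit key held as two 64-bit words.
using Key128 = std::array<std::uint64_t, 2>;

// One step of splitmix64: advances the state and returns 64 output bits.
// Toy deterministic expander used only for this illustration.
static std::uint64_t splitmix64(std::uint64_t& state) {
    state += 0x9E3779B97F4A7C15ULL;
    std::uint64_t z = state;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

// "Generate a 128-bit key" from a seed: same seed in, same key out.
Key128 deriveKey(std::uint64_t seed) {
    std::uint64_t state = seed;
    Key128 key;
    key[0] = splitmix64(state);
    key[1] = splitmix64(state);
    return key;
}

// Count how many different 128-bit keys exist when the seed carries only
// seedBits of entropy. Enumeration is limited to small seeds (returns 0
// above 20 bits); at 128 bits it is infeasible, which is the whole point.
std::size_t distinctKeys(unsigned seedBits) {
    if (seedBits > 20) return 0;
    std::set<Key128> seen;
    const std::uint64_t seeds = 1ULL << seedBits;
    for (std::uint64_t s = 0; s < seeds; ++s) {
        seen.insert(deriveKey(s));
    }
    return seen.size();
}

// floor(log2(keyCount)): the strength in bits of a key drawn from keyCount
// equally likely values, regardless of how many bits the key occupies.
unsigned effectiveBits(std::size_t keyCount) {
    unsigned bits = 0;
    while (keyCount > 1) {
        keyCount >>= 1;
        ++bits;
    }
    return bits;
}

// The nBytes value that holds a given number of entropy bits.
unsigned bytesForBits(unsigned bits) {
    return (bits + 7) / 8;
}

int main() {
    const unsigned seedSizes[] = {4, 8, 16};
    for (unsigned bits : seedSizes) {
        const std::size_t n = distinctKeys(bits);
        std::printf("%2u-bit seed -> %zu possible 128-bit keys (%u effective bits)\n",
                    bits, n, effectiveBits(n));
    }
    std::printf("128 bits of entropy -> nBytes = %u\n", bytesForBits(128));
    std::printf("160 bits of entropy -> nBytes = %u\n", bytesForBits(160));
    return 0;
}
```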
Re: anybody using EGADS?
Thanks Dick. I heard about the Intel RNG. Unfortunately, we may also run on AMD machines, in which case, this wouldn't be portable. But it might be worth looking into.

Thanks again,
Ed

--- [EMAIL PROTECTED] wrote:
> Not exactly open source, but
> http://www.intel.com/design/security/rng/rng-capi.htm
> Accessing the Intel® Random Number Generator through a CSP for Microsoft* CryptoAPI
> describes how to access the Intel *hardware* RNG. Might be of some use to you on Windows platforms.
>
> (I believe some *NIXs use the same hardware to populate /dev/random when on Intel platforms.)
Re: anybody using EGADS?
I hear what you're saying, and I totally agree. The problem with using RAND_screen() is that the app I'm writing is a server. So it may be running on a box hidden away in some closet, and may not even have a monitor attached to it. So there may not be any user interaction at all, in which case, this may not provide very much entropy. But I hear what you're saying. Thanks.

Ed

--- Stephen G. Schoggen [EMAIL PROTECTED] wrote:
> Hi Ed,
>
> Knowing very little about any of this cryptography stuff, I have no idea what value of nBytes is enough. I think the wisdom, though, is that it depends upon your situation. From what I've read, the whole purpose of cryptography is to make it too difficult for an attacker to succeed with an attack. Obviously, how much effort you have to make to thwart an attack depends to a significant degree upon how much effort the attacker is willing to make. That would depend upon how valuable the information is, etc.
>
> In my particular application of SSL, I don't think the information being transferred is terribly sensitive. So I just chose to use RAND_screen() on Windows to seed the PRNG. Although Viega et al., page 99 (Network Security with OpenSSL, O'Reilly), makes it clear that he thinks RAND_screen() is a poor choice at best, it is described as using a hash of the current screen scan-lines for entropy. I'm no math whiz, but it's hard for me to see how any attacker could determine what the results of that are, regardless of effort. Perhaps if the attacker can see the screen...
>
> I conclude that with cryptography, as with other things in life, we all just have to decide when enough is enough and move on.
>
> Steve
Re: anybody using EGADS?
Ah, thanks Marcus. We're talking bits, not bytes, I see. In that case, I'm using way too big a number.

Thanks,
Ed

--- Marcus Carey [EMAIL PROTECTED] wrote:
> Ed,
>
> See the book Network Security with OpenSSL. With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the right seed. If you're creating 128-bit keys you should use 128 bits of entropy; anything less than 64 bits may not be secure enough.
>
> I am not sure how nBytes is read. To get 128 bits of entropy you should use nBytes = 16. Right? However at nBytes = 128 it takes about 55 seconds to gather entropy on Windows.
>
> Marcus