Re: anybody using EGADS?
The OpenSSL PRNG feels that it is fully seeded with 160 bits, i.e. 20 bytes of
entropy. In
rand_lcl.h the symbol ENTROPY_NEEDED is defined to 20. In 0.9.6g at least.
Tim
--- Edward Chan [EMAIL PROTECTED] wrote:
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4. So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside (presumably
as
egads gathers entropy), but it seems like I never
unblock. Can anybody tell me what I'm doing wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: anybody using EGADS?
Ed
I am not sure about its entropy but you can use the
egads_randstring() function to generate data which is faster than calling
egads_entropy() directly. I have used it with nBytes = 1024 and it only
takes a few seconds.
Marcus
- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 10:52 PM
Subject: Re: anybody using EGADS?
Ah, thanks Marcus. We're talking bits, not bytes, I
see. In that case, I'm using way too big a number.
Thanks,
Ed
--- Marcus Carey [EMAIL PROTECTED] wrote:
Ed
See the book Network Security with OpensSSL.
With 4 bits of entropy, an attacker has 1 in 16
chances of guessing the
right seed.
If you're creating 128-bit keys you should use 128
bits of entropy anything
less than 64 bits may not be secure enough.
I am not sure how nBytes is read. To get 128 bits
of entropy you should use
nBytes = 16. Right?
However at nBytes = 128 it takes about 55 seconds to
gather entropy on
Windows.
Marcus
- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 1:13 PM
Subject: Re: anybody using EGADS?
Hi Stephen,
Thanks for the reply. You're absolutely right.
It
does appear that I am not blocked
indefinitely...it
certainly does take a while to gather entropy. I
was
using nBytes = 1024. Then I tried 512. Still
very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions?
Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen
[EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found
that
it's time to
'gather entropy' was noticeable beyond nBytes=4.
So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having
a
problem using it. I've downloaded the source
and
built everything. The egads service is
running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside
(presumably
as
egads gathers entropy), but it seems like I
never
unblock. Can anybody tell me what I'm doing
wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web
site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Re: anybody using EGADS?
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4. So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside (presumably
as
egads gathers entropy), but it seems like I never
unblock. Can anybody tell me what I'm doing wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: anybody using EGADS?
Not exactly open source, but
http://www.intel.com/design/security/rng/rng-capi.htm Accessing the Intel®
Random Number Generator through a CSP for Microsoft* CryptoAPI describes
how to access the Intel *hardware* RNG. Might be of some use to you on
Windows platforms. (I believe some *NIXs use the same hardware to populate
/dev/random when on Intel platforms.)
Edward Chan
[EMAIL PROTECTED] To: [EMAIL PROTECTED]
Sent by: cc:
owner-openssl-users@ Subject: Re: anybody using EGADS?
openssl.org
10/22/2002 01:13 PM
Please respond to
openssl-users
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4. So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside (presumably
as
egads gathers entropy), but it seems like I never
unblock. Can anybody tell me what I'm doing wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED
Re: anybody using EGADS?
Hi Ed,
Knowing very little about any of this cryptography stuff, I have no
idea what value of nBytes is enough. I think the wisdom, though, is
that it depends upon your situation. From what I've read, the whole
purpose of cryptography is to make it too difficult for an attacker
to succeed with an attack. Obviously, how much effort you have to
make to thwart an attack depends to a significant degree upon how
much effort the attacker is willing to make. That would depend upon
how valuable the information is, etc. In my particular application
of SSL, I don't think the information being transferred is terribly
sensitive. So I just chose to use RAND_screen() on Windows to seed
the PRNG. Although Viega, et. al., page 99 (Network Security with
OpenSSL, O'Reilly), makes it clear that he thinks RAND_screen() is a
poor choice at best, it is described as using a hash of the current
screen scan-lines for entropy. I'm no math wiz, but it's hard for me
to see how any attacker could determine what the results of that are,
regardless of effort. Perhaps if the attacker can see the screen...
I conclude that with cryptography, as with other things in life, we
all just have to decide when enough is enough and move on.
Steve
Not exactly open source, but
http://www.intel.com/design/security/rng/rng-capi.htm Accessing the Intel®
Random Number Generator through a CSP for Microsoft* CryptoAPI describes
how to access the Intel *hardware* RNG. Might be of some use to you on
Windows platforms. (I believe some *NIXs use the same hardware to populate
/dev/random when on Intel platforms.)
Edward
Chan
[EMAIL PROTECTED] To:
[EMAIL PROTECTED]
Sent by:
cc:
owner-openssl-users@ Subject: Re:
anybody using
EGADS?
openssl.org
10/22/2002 01:13
PM
Please respond
to
openssl-users
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4. So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However
Re: anybody using EGADS?
Ed
See the book Network Security with OpensSSL.
With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the
right seed.
If you're creating 128-bit keys you should use 128 bits of entropy anything
less than 64 bits may not be secure enough.
I am not sure how nBytes is read. To get 128 bits of entropy you should use
nBytes = 16. Right?
However at nBytes = 128 it takes about 55 seconds to gather entropy on
Windows.
Marcus
- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 1:13 PM
Subject: Re: anybody using EGADS?
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4. So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside (presumably
as
egads gathers entropy), but it seems like I never
unblock. Can anybody tell me what I'm doing wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: anybody using EGADS?
Thanks Dick. I heard about the the Intel RNG.
Unfortunately, we may also run on AMD machines, in
which case, this wouldn't be portable. But it might
be worth looking into.
Thanks again,
Ed
--- [EMAIL PROTECTED] wrote:
Not exactly open source, but
http://www.intel.com/design/security/rng/rng-capi.htm
Accessing the Intel®
Random Number Generator through a CSP for Microsoft*
CryptoAPI describes
how to access the Intel *hardware* RNG. Might be of
some use to you on
Windows platforms. (I believe some *NIXs use the
same hardware to populate
/dev/random when on Intel platforms.)
Edward Chan
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent by:
cc:
owner-openssl-users@
Subject: Re: anybody using EGADS?
openssl.org
10/22/2002 01:13 PM
Please respond to
openssl-users
Hi Stephen,
Thanks for the reply. You're absolutely right. It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy. I
was
using nBytes = 1024. Then I tried 512. Still very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions? Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found that
it's time to
'gather entropy' was noticeable beyond nBytes=4.
So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having a
problem using it. I've downloaded the source and
built everything. The egads service is running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes,
nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside (presumably
as
egads gathers entropy), but it seems like I never
unblock. Can anybody tell me what I'm doing
wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web
site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo
Re: anybody using EGADS?
I hear what you're saying, and I totally agree. The problem with using RAND_screen() is that the app I'm writing is a server. So it may be running on a box hidden away in some closet, and may not even have a monitor attached to it. So there may not be any user interaction at all, in which case, this may not provide very much entropy. But I hear what you're saying. Thanks. Ed --- Stephen G. Schoggen [EMAIL PROTECTED] wrote: Hi Ed, Knowing very little about any of this cryptography stuff, I have no idea what value of nBytes is enough. I think the wisdom, though, is that it depends upon your situation. From what I've read, the whole purpose of cryptography is to make it too difficult for an attacker to succeed with an attack. Obviously, how much effort you have to make to thwart an attack depends to a significant degree upon how much effort the attacker is willing to make. That would depend upon how valuable the information is, etc. In my particular application of SSL, I don't think the information being transferred is terribly sensitive. So I just chose to use RAND_screen() on Windows to seed the PRNG. Although Viega, et. al., page 99 (Network Security with OpenSSL, O'Reilly), makes it clear that he thinks RAND_screen() is a poor choice at best, it is described as using a hash of the current screen scan-lines for entropy. I'm no math wiz, but it's hard for me to see how any attacker could determine what the results of that are, regardless of effort. Perhaps if the attacker can see the screen... I conclude that with cryptography, as with other things in life, we all just have to decide when enough is enough and move on. Steve Not exactly open source, but http://www.intel.com/design/security/rng/rng-capi.htm Accessing the Intel® Random Number Generator through a CSP for Microsoft* CryptoAPI describes how to access the Intel *hardware* RNG. Might be of some use to you on Windows platforms. (I believe some *NIXs use the same hardware to populate /dev/random when on Intel platforms.) Edward Chan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: owner-openssl-users@ Subject: Re: anybody using EGADS? openssl.org 10/22/2002 01:13 PM Please respond to openssl-users Hi Stephen, Thanks for the reply. You're absolutely right. It does appear that I am not blocked indefinitely...it certainly does take a while to gather entropy. I was using nBytes = 1024. Then I tried 512. Still very long time. Any suggestions on what a number should be for acceptable randomness? Does anybody have any alternative suggestions? Does anybody know how Apache seeds the OpenSSL PRNG on Windows? I think Apache uses OpenSSL don't they? Thanks, Ed --- Stephen G. Schoggen [EMAIL PROTECTED] wrote: Ed, I tried EGADS on Windows (PIII 866) and found that it's time to 'gather entropy' was noticeable beyond nBytes=4. So if you use a relatively large nBytes, then it would appear to block. Steve Hi there, Is anybody using EGADS on Windows? I'm having a problem using it. I've downloaded the source and built everything. The egads service is running. I've written a program that links with egads.dll. I have a function that tries to see the OpenSSL PRNG : bool seedPRNG
Re: anybody using EGADS?
Ah, thanks Marcus. We're talking bits, not bytes, I
see. In that case, I'm using way too big a number.
Thanks,
Ed
--- Marcus Carey [EMAIL PROTECTED] wrote:
Ed
See the book Network Security with OpensSSL.
With 4 bits of entropy, an attacker has 1 in 16
chances of guessing the
right seed.
If you're creating 128-bit keys you should use 128
bits of entropy anything
less than 64 bits may not be secure enough.
I am not sure how nBytes is read. To get 128 bits
of entropy you should use
nBytes = 16. Right?
However at nBytes = 128 it takes about 55 seconds to
gather entropy on
Windows.
Marcus
- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 1:13 PM
Subject: Re: anybody using EGADS?
Hi Stephen,
Thanks for the reply. You're absolutely right.
It
does appear that I am not blocked
indefinitely...it
certainly does take a while to gather entropy. I
was
using nBytes = 1024. Then I tried 512. Still
very
long time.
Any suggestions on what a number should be for
acceptable randomness?
Does anybody have any alternative suggestions?
Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows? I think Apache uses OpenSSL don't they?
Thanks,
Ed
--- Stephen G. Schoggen
[EMAIL PROTECTED]
wrote:
Ed,
I tried EGADS on Windows (PIII 866) and found
that
it's time to
'gather entropy' was noticeable beyond nBytes=4.
So
if you use a
relatively large nBytes, then it would appear to
block.
Steve
Hi there,
Is anybody using EGADS on Windows? I'm having
a
problem using it. I've downloaded the source
and
built everything. The egads service is
running.
I've
written a program that links with egads.dll. I
have a
function that tries to see the OpenSSL PRNG :
bool seedPRNG(int nBytes)
{
prngctx_t ctx;
int nError;
egads_init(ctx, 0, 0, nError);
if (nError != 0)
{
DEBUG_TRACE1(_T(egads_init() failed : %d (Is
egads
service running???)), nError);
return false;
}
char* pBuf = new char[nBytes + 1];
egads_entropy(ctx, pBuf, nBytes, nError);
bool bOK = (0 == nError);
if (bOK)
{
RAND_seed(pBuf, nBytes);
}
delete [] pBuf;
egads_destroy(ctx);
return bOK;
}
However, I seem to be blocking inside
(presumably
as
egads gathers entropy), but it seems like I
never
unblock. Can anybody tell me what I'm doing
wrong?
Thanks,
Ed
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web
site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
