processes
+ * ask for truly secure random numbers and absolutely want
+ * to wait for the entropy pool to fill, and others just
+ * do "getrandom(0)" to get some ad-hoc random numbers.
+ *
+ * If you're generating a secure key, you'd better ask for
+ * more than 128 bits of r
Please take a look at
https://lore.kernel.org/lkml/CAHk-=wiGg-G8JFJ=r7qf0b+utqa_weouk6v+mcmfsljlrq6...@mail.gmail.com/
and consider giving your comments.
TL;DR: see the comment below.
+ * Hacky workaround for the fact that some processes
+ * ask for truly secure random numbers and absolutely
On Wed, Mar 31, 2010, Anthony Gabrielson wrote:
>
> Hello,
>
> I'm actually writing a Matlab toolbox that uses OpenSSL. I put together a
> function, actually its really heavily based on the OpenSSL book, that
> generates random keys and IV. Anyway, I wasn't comfortable with how I was
> seeding
- Original Message -
From: "Dr. Stephen Henson"
To: openssl-users@openssl.org
Sent: Wednesday, March 31, 2010 7:43:06 AM GMT -05:00 US/Canada Eastern
Subject: Re: Random Numbers
You can use RAND_bytes() on Windows and the OpenSSL PRNG will be automatically
seeded fr
On Tue, Mar 30, 2010, Anthony Gabrielson wrote:
> Hello,
>
> I've been searching around and I'm not finding much on
> OpenSSL and random numbers. I'm trying to figure out how to best use
> RAND_bytes and RAND_pseudo_bytes; do I still need to worry a
On Tue, Mar 30, 2010 at 11:48 PM, P Kamath wrote:
> I said it is an RNG, not cryptographic RNG. By adding current time source,
> however crude, and doing a sha1/md5, why should it not be cryptoPRNG? What
> properties should I look for?
Taking a hash of an entirely predictable (or narrowly bo
P Kamath wrote:
> I said it is an RNG, not cryptographic RNG. By adding current time
> source,
> however crude, and doing a sha1/md5, why should it not be cryptoPRNG?
> What
> properties should I look for?
You should look for a cryptographically-secure random number generator.
Seriously, you sh
Of Victor Duchovni
Sent: Tuesday, March 30, 2010 9:53 PM
To: openssl-users@openssl.org
Subject: Re: Random Numbers
On Tue, Mar 30, 2010 at 07:43:39PM -0700, P Kamath wrote:
> At one point of time, we had used tt800.c random number generator
(available
> on the net - a small file sized 2kB
On Tue, Mar 30, 2010 at 07:43:39PM -0700, P Kamath wrote:
> At one point of time, we had used tt800.c random number generator (available
> on the net - a small file sized 2kB), and sha'd or md5'd the output into a
> stream. From the output, we filtered out weak keys, if any.
I hope nobody else do
openssl-us...@openssl.org] On Behalf Of Anthony Gabrielson
Sent: Tuesday, March 30, 2010 5:24 PM
To: openssl-users@openssl.org
Subject: Random Numbers
Hello,
I've been searching around and I'm not finding much on
OpenSSL and random numbers. I'm trying to figure out how t
Hello,
I've been searching around and I'm not finding much on
OpenSSL and random numbers. I'm trying to figure out how to best use
RAND_bytes and RAND_pseudo_bytes; do I still need to worry about entropy or
does OpenSSL take care of it for me these days? If I d
Hi all,
In openssl code which part actually handles catching of the random numbers
exchanged during the handshake?
Regards,
Prashanth..
Thanks for the info. I have a follow-up question based
on my specific situation. The cipher suite I am
forcing the client and server to negotiate to is
EDH-RSA-DES-CBC3-SHA(I am also requiring sslv3). That
being the case, is not having true randomness on the
client a risk? How good is the randomiz
raghuram belur wrote:
>
> Unfortunately, requesting input from the user is not
> an option for the application that I am working on.
> This is one of the reasons why I am trying to see if
> there is a way to "dumb down" the randomization on the
> client and make it mostly a server side issue. I a
mple, if you use ElGamal or
its variants, inadequate random numbers cause leakage of your long
term key.
I think you could make a workable scheme with RSA keys, though it
wouldn't work within the constraints of an established protocol like
TLS/SSL.
The first step in this protocol would be that
e. Use the contents of the file to seed a pseudo random number generator.
Don't use it
to get a continuous stream of random numbers--unless you are very young.
Brad
What does OpenSSL need in the way of action on my
part to make good random
numbers? Anything?
I ask because I noted that /us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>What would a good RANDFILE look like?
If I could tell you that, it wouldn't be random, would it?
Jon
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.0.2i
iQA/AwUBN0EXpngWiDO86u4+EQKBkQCg+p6KprlTKIxC+0WXfqKa5j9EUQ0AoN9+
uXWTeQoJqDDL+
What does OpenSSL need in the way of action on my part to make good random
numbers? Anything?
I ask because I noted that /usr/local/ssl/lib/openssl.cnf has a line in it
that says "#RANDFILE = $ENV::HOME/.rnd" which is to say it's commented out.
What would a good RANDFILE look li
18 matches
Mail list logo