Re: lynx-dev SSL for Lynx 2.8.4
From: Mark Mentovai
Subject: Re: lynx-dev SSL for Lynx 2.8.4
Date: Sat, 6 Jan 2001 19:11:34 -0500 (EST)

David Woolley wrote:
>> Another issue from the whiteboard was the reliance on srand48 and lrand48,
>> which some systems do not include. I assume that configure could be tweaked
>
>I haven't looked at the code, but cryptographic code SHOULD NOT use standard
>random number functions, it should be trying to achieve truly random
>numbers. One of the major panics on early Netscape software (server I think)
>was that it didn't generate sufficiently random numbers, and that was when
>it really was trying.

If OpenSSL reports to me that its PRNG is unseeded, then I've got to seed it
somehow. What I do is throw a few small logs into the fire first (using a
random state file if one is available, the time, and the PID), then pull a
long's worth of random bytes out of the PRNG and use it to seed the
system-supplied random number generator, and then pull random numbers off of
the system's RNG until the PRNG is happy. I then write out some randomness
to disk for next time. It could be made better, but this is more than
sufficient for what we're trying to accomplish after a few runs to get the
stored randomness well churned.

If the system supplies a strong entropy engine that OpenSSL knows about,
it will take advantage of it and never report an unseeded PRNG.
Mark
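
Added example, not part of the message above and not Lynx code: the seed-if-unseeded flow with a saved state file, written against Python's `ssl` bindings to OpenSSL's `RAND_status`/`RAND_add`, with `os.urandom` used in place of the time, PID and system RNG steps, plus a bound on how many bits time and PID alone can contribute. The function names, the state-file handling and the 32768 PID limit are assumptions.

```python
import math
import os
import ssl
import tempfile

SEED_BYTES = 32  # assumption: 256 bits of seed material


def guessable_seed_bits(time_window_s, pid_max=32768):
    """Upper bound (bits) on a seed built only from time() and getpid()."""
    return math.log2(time_window_s * pid_max)


def load_state(path):
    """Return saved state, or empty bytes if missing or accessible to others."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return b""
    if st.st_mode & 0o077:  # someone else could have read or planted it
        return b""
    with open(path, "rb") as fh:
        return fh.read(SEED_BYTES)


def save_state(path):
    """Write fresh PRNG output for the next run, atomically, mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        os.write(fd, ssl.RAND_bytes(SEED_BYTES))
    finally:
        os.close(fd)
    os.replace(tmp, path)


def seed_openssl(state_path):
    """Seed OpenSSL's PRNG if it reports unseeded; return RAND_status()."""
    saved = load_state(state_path)
    if saved:
        ssl.RAND_add(saved, 0.0)  # mixed in, credited with no entropy
    if not ssl.RAND_status():
        # OS entropy source, in place of time/PID and lrand48 output
        ssl.RAND_add(os.urandom(SEED_BYTES), float(SEED_BYTES))
    seeded = ssl.RAND_status()
    if seeded:
        save_state(state_path)
    return seeded
```

With a one-hour window for the start time, `guessable_seed_bits(3600)` is under 27 bits, which is why the saved state and a real entropy source carry the weight here.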