[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev SSL for Lynx 2.8.4

From: Mark Mentovai
Subject: Re: lynx-dev SSL for Lynx 2.8.4
Date: Sat, 6 Jan 2001 19:11:34 -0500 (EST)

David Woolley wrote:
>> Another issue from the whiteboard was the reliance on srand48 and lrand48,
>> which some systems do not include.  I assume that configure could be tweaked
>I haven't looked at the code, but cryptographic code SHOULD NOT use standard
>random number functions, it should be trying to achieve truly random
>numbers.  One of the major panics on early Netscape software (server I think)
>was that it didn't generate sufficiently random numbers, and that was when
>it really was trying.

If OpenSSL reports to me that its PRNG is unseeded, then I've got to seed it
somehow.  What I do is throw a few small logs into the fire first (using a
random state file if one is available, the time, and the PID,) then pull a
long's worth of random bytes out of the PRNG and use it to seed the
system-supplied random number generator, and then pull random numbers off of
the system's RNG until the PRNG is happy.  I then write out some randomness
to disk for next time.  It could be made better, but this is more than
sufficient for what we're trying to accomplish after a few runs to get the
stored randomness well churned.

If the system has supplies a strong entropy engine that OpenSSL knows about,
it will take advantage of it and never report an unseeded PRNG.


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]