[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: certificate problem
From: Soo Hom <syhom () ece ! ucsd ! edu>
Date: 2001-11-30 16:14:54
[Download RAW message or body]
Thanks for the advice. I was able to get an alternate /dev/urandom
package working.
Soo
On Wed, 28 Nov 2001, Lutz Jaenicke wrote:
> On Wed, Nov 28, 2001 at 08:47:13AM +0100, Guido.Frohn@aachen.utimaco.de wrote:
> > Solaris does not support the device /dev/urandom which is necessary to seed
> > the PRNG by default.
> > You can either install a package which emulate /dev/urandom or seed the
> > PRNG
> > manually by the following commands :
> >
> > unsigned char seed_buffer [1024] ;
> >
> > RAND_pseudo_byte(seed_buffer, 1024) ;
> > RAND_seed(seed_buffer, 1024) ;
> > ...
> > RSA_generate_key(...)
>
>
> This, with all due respect, is no good advice. Depending on the platform
> (and maybe even compiler settings), the buffer may be memset to 0.
> Generating pseudo bytes from it will mix in the PID and have the pool
> mixed. That might look random, but finally (if somebody finds out your
> method), the generated keys are weak.
> I strongly suggest using using one of the alternative PRNG sources described
> in the FAQ.
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic