[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: ssleay_rand_add() why is this used?
From: Ssl Group <group_ssl () yahoo ! com>
Date: 2011-12-23 11:22:29
Message-ID: 1324639349.44499.YahooMailNeo () web140210 ! mail ! bf1 ! yahoo ! com
[Download RAW message or body]
Hi Jakob,
Thanks for the info. I didnt understand fully about this.Would you \
mind explaining this a little more may be with some example if u dont mind.
Thanks in advance.
________________________________
From: Jakob Bohm <jb-openssl@wisemo.com>
To: openssl-users@openssl.org
Sent: Thursday, December 22, 2011 7:17 PM
Subject: Re: ssleay_rand_add() why is this used?
On 12/22/2011 2:04 PM, Ssl Group wrote:
> Hi ,
> Can some one help me in understanding the use of this API "ssleay_rand_add()" ???
> And one more thing, we have a "state_index" value used in this function. It is \
> Global Static function. I dont find any where updating this value in the file. Can \
> you please let me know if i am wrong or where it will get updated and what is the \
> use of this state_index.
>
ssleay_rand_add() is used if you have access to some good source of
highly random enemy-unknown bits which the OpenSSL code is not
looking at itself. With this function, you can feed those additional
sources of random entropy into the OpenSSL random number generator,
thus increasing the security of all operations that rely on the
cryptographic unpredictability of the random numbers generated by
OpenSSL, including SSL connections, key generation etc. etc.
Because most modern computers suffer from a severe lack of good
sources by default, the chance that you might have access to
some non-standard improved source may be quite high, so the
need for this function is far from hypothetical.
I also believe/suspect that the OpenSSL code which tries to
load commonly available sources of entry also calls this function
as it does so, but I haven't looked at this code for many months
and don't remember it right now.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[Attachment #3 (text/html)]
<html><body><div style="color:#000; background-color:#fff; font-family:times new \
roman, new york, times, serif;font-size:12pt"><div><span>Hi \
Jakob,</span></div><div><span> \
Thanks for the info. I didnt understand fully about this.Would you mind explaining \
this a little more may be with some example if u dont \
mind.</span></div><div><span><br></span></div><div><span>Thanks in \
advance.</span></div><div><br></div> <div style="font-family: times new roman, new \
york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new \
york, times, serif; font-size: 12pt;"> <font face="Arial" size="2"> <hr size="1"> \
<b><span style="font-weight:bold;">From:</span></b> Jakob Bohm \
<jb-openssl@wisemo.com><br> <b><span style="font-weight: bold;">To:</span></b> \
openssl-users@openssl.org <br> <b><span style="font-weight: bold;">Sent:</span></b> \
Thursday, December 22, 2011 7:17 PM<br> <b><span style="font-weight: \
bold;">Subject:</span></b> Re: ssleay_rand_add() why is this used?<br> </font> <br> \
On 12/22/2011 2:04 PM, Ssl Group wrote:<br>> Hi ,<br>> \
Can some one help me in understanding the use of this API \
"ssleay_rand_add()" ???<br>> And one more thing, we have a "state_index" value \
used in this function. It is Global Static function.<br>> I dont find any where \
updating this value in the file. Can you please let me know if i am wrong or where it \
will<br>> get updated and what is the use of this state_index.<br>> <br>> \
<br>ssleay_rand_add() is used if you have access to some good source of<br>highly \
random enemy-unknown bits which the OpenSSL code is not<br>looking at itself. \
With this function, you can feed those additional<br>sources of random entropy into \
the OpenSSL random number generator,<br>thus increasing the security of all \
operations that rely on the<br>cryptographic unpredictability of the random numbers \
generated by<br>OpenSSL, including SSL connections, key generation etc. \
etc.<br><br>Because most modern computers suffer from a severe lack of \
good<br>sources by default, the chance that you might have access to<br>some \
non-standard improved source may be quite high, so the<br>need for this function is \
far from hypothetical.<br><br>I also believe/suspect that the OpenSSL code which \
tries to<br>load commonly available sources of entry also calls this function<br>as \
it does so, but I haven't looked at this code for many months<br>and don't remember \
it right now.<br><br>______________________________________________________________________<br>OpenSSL \
Project \
http://www.openssl.org<br>User Support Mailing \
List <a \
ymailto="mailto:openssl-users@openssl.org" \
href="mailto:openssl-users@openssl.org">openssl-users@openssl.org</a><br>Automated \
List Manager \
<a ymailto="mailto:majordomo@openssl.org" \
href="mailto:majordomo@openssl.org">majordomo@openssl.org</a><br><br><br> </div> \
</div> </div></body></html>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic