Re: genrand_unix problem on Solaris
- From: Laszlo PETER <Laszlo Peter ireland sun com>
- To: Owen Taylor <otaylor redhat com>
- Cc: orbit-list gnome org
- Subject: Re: genrand_unix problem on Solaris
- Date: Tue, 20 Feb 2001 13:33:08 +0000
Hi,
Thanks for the response, and sorry for being stupid, I didn't
realize what this is used for.
Owen Taylor wrote:
> The point of genrand() is to produce a unpredictable key.
>
> genrand_dev() does this in a very carefully controlled by
> using /dev/random, if the kernel provides that.
>
> genrand_unix() is a poor substitute that uses the theory
> of "do lots of stuff in a crazy fashion and maybe it
> will be random".
>
> I don't believe your genrand_lrand48() is unpredictable
> at all - pseudo-random generators like that used by
> random() and srand48() are 100% predictable as long as
> the seed is known.
[...]
> You might want to ask around, or take a look at security
> related packages. The operation of generating an unpredictable
> key is essential to many security-related tasks.
OK, I did look around.
I found that OpenSSL has a RAND_bytes function that
"puts num cryptographically strong pseudo-random
bytes into buf. An error occurs if the PRNG has not been
seeded with enough randomness to ensure an unpredictable
byte sequence."
It seems to me that the purpose of that is the same as the purpose
of genrand.
So how about an implementation using RAND_bytes on the condition
that the system has OpenSSL installed?
Thanks,
Laca
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]