Re: genrand_unix problem on Solaris



On Tue, 20 Feb 2001, Laszlo PETER wrote:

> OK, I did look around.
> I found that OpenSSL has a RAND_bytes function that
>      "puts num cryptographically strong pseudo-random
>      bytes into buf. An error occurs if the PRNG has not been
>      seeded with enough randomness to ensure an unpredictable
>      byte sequence."
>
> It seems to me that the purpose of that is the same as the purpose of
> genrand. So how about an implementation using RAND_bytes on the
> condition that the system has OpenSSL installed?

You didn't point out the "pseudo-random" part in that paragraph.  ORBit2
does have a genrand that uses RAND_bytes(), which I created without
knowing its pseudo-ness. It's no good by definition, although on some
systems it will use /dev/random or equiv, which is why I think it's worth
keeping in case OpenSSL finds out about entropy devices on systems before
I do, but not worth adding to ORBit-stable given the existing RAND_bytes
implementation.

The genrand_unix function is not as bad as Owen makes it sound - the main
entropy source (from the SIGALRM timing differences) has been used in
other crypto-type random # generators (where I stole the idea from), and
I think it is about the best possible given portability constraints. The
getpid() etc. stuff is just a spice added to the recipe...

BTW, if Sun Solaris has some system entropy generator, please let me know
how to make use of it...

-- Elliot
Who me? I just wander from room to room.