On 14/01/15 12:35, jack seth wrote:
> I am trying to generate a 16384 bit DH file for testing purposes. Is
> it necessary to have a '.rnd' in existence before trying to generate
> this file? I generated one which took 4 days to do but the computer had
> a .rnd file. I am currently trying to generate another on a system
> WITHOUT the .rnd file and it has been going 3 WEEKS so far. Did I just
> get lucky with the first DH file and it really can take this long (or
> longer) to make this file or does openssl really need the .rnd file to
> do this?

The purpose of the .rnd file is to seed the random number generator with
entropy before you start. The built-in OpenSSL PRNG will attempt to seed
itself from various different sources dependent on the platform that you
are on, e.g. if you have a "/dev/urandom" then it will try to use it.
Some platforms may have very restricted access to entropy sources, and
on those platforms a .rnd file might be particularly useful. Assuming
you are using a relatively modern desktop machine this is unlikely to be
a problem for you.

If the PRNG has not been seeded with sufficient entropy then it will
fail with the "PRNG not seeded" error:
https://www.openssl.org/support/faq.html#USER1

The fact that you have not seen that error means that the PRNG believes
it has been sufficiently seeded.

The method that was used to seed the PRNG will not have a subsequent
impact on its performance. In other words, the presence or otherwise of
the .rnd file will not impact the performance once seeding is complete.

The reason it is taking so long is that 16384 bits is GIGANTIC!

Matt
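
The point made in the reply above, as an added example that is not part of the original message and is not OpenSSL's code: a simplified random safe-prime search in which the seed only changes which candidates are drawn, while the work is set by the bit length. It assumes the DH modulus is a safe prime (p and (p-1)/2 both prime); `find_safe_prime` and `relative_cost` are hypothetical names, and `random.Random` is a deterministic stand-in for the seeded PRNG, not a CSPRNG.

```python
import random

def is_probable_prime(n, rounds=16, rng=random):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def find_safe_prime(bits, seed):
    """Draw random odd q until q and p = 2q + 1 are both prime.
    Returns (p, candidates_tried); `seed` stands in for the seeding source."""
    rng = random.Random(seed)  # assumption: toy PRNG, for repeatability only
    tried = 0
    while True:
        tried += 1
        # Force the top bit (so p has exactly `bits` bits) and the low bit (odd).
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            return 2 * q + 1, tried

def relative_cost(bits, base_bits):
    """Rough heuristic: candidates needed grow ~bits^2 (q and p must both be
    prime, each with density ~1/bits) and one modular exponentiation costs
    ~bits^3 with schoolbook multiplication, so total work grows ~bits^5."""
    return (bits / base_bits) ** 5

if __name__ == "__main__":
    for seed in (1, 2, 3):  # different seeds: different luck, same kind of work
        p, tried = find_safe_prime(64, seed)
        print(f"seed={seed}: {p.bit_length()}-bit safe prime after {tried} candidates")
    print(f"16384 vs 2048 bits: ~{relative_cost(16384, 2048):,.0f}x the work")
```

The number of candidates tried varies from seed to seed because the search is a sequence of independent trials, which is also why two runs at the same size can differ widely in wall-clock time.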