Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> You should seed OpenSSL's random number generator directly using CryptGenRandom (and other entropy you might have).
> Once the generator is seeded, it won't attempt to auto-seed itself with the RAND_poll gear.

Thank you for that workaround advice, Jeff.  I've passed it on to the folks using the library calls.

The OpenSSL library developers might still want to consider alternate heap walk coding, if for no other reason than for those who
use the library without having seen the wiki page mentioned and knowing they should seed it themselves.  

The library designers may feel the 1 second used in RAND_poll() is time well spent adding up memory blocks, when mostly it's just
wasted.  We measured a 1000 to 1 ratio between the time spent in Heap32Next() retrieving memory block pointers and the time spent
accumulating entropy in RAND_add().

Thanks again.

-Noel

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Jeffrey Walton
Sent: Mon, January 19, 2015 12:02 AM
To: OpenSSL Users List
Subject: Re: Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

You should seed OpenSSL's random number generator directly using CryptGenRandom (and other entropy you might have).

Once the generator is seeded, it won't attempt to auto-seed itself with the RAND_poll gear.

Also see http://wiki.openssl.org/index.php/Random_Numbers. It advises that you seed the generator directly rather than depending on
the library doing it through RAND_poll.

Jeff



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux