> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
> Of FooCrypt
> Sent: Wednesday, May 30, 2018 10:46
> To: openssl-users@xxxxxxxxxxx
> Subject: Re: PRNG is not seeded
>
> > On 30 May 2018, at 11:55 PM, Michael Wojcik
> > <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> >
> > Where would openssl rand be getting its entropy from, in this case? You
> > have a circular dependency: openssl needs entropy, so it tries to get it from
> > PRNGD; and you're asking openssl to put entropy into PRNGD.
>
> Usage: rand [options] num

Spare me, please.

> RAND(1) describes the multiplicity of sources that can all be used together in
> some detail.

And why do you think this solves the problem?

> The rand command outputs num pseudo-random bytes after seeding the
> random number generator once.

So all the entropy you can get from the output of "openssl rand" is whatever OpenSSL was able to gather when it seeded the PRNG. Which is exactly the problem Scott was trying to solve.

> Make some .rnd’s

YOU STILL HAVE TO FIND ENTROPY TO PUT IN THEM. All you're doing is pushing the problem around the plate.

> dd if=/dev/[SOMEDEVICE] of=~/.rnd bs=1 count=1024

Where [SOMEDEVICE] is your magical unicorn entropy device?

> Make an engine

I already mentioned the engine interface in my previous response. And if this is an option for Scott, it would be much better to use the engine in his application, rather than going through the rigamarole of running "openssl rand" to grab some entropy from it. The command-line utility is useful iff he can't change the application.

> Microphones work wonders

No, they really don't. Look at the literature. (And, again, I mentioned sensors in my previous response.)

> and you can play with the sound, count,
> etc….etc….etc...

Cargo-cult entropy gathering. It may be fine under a given threat model, but we have no idea what Scott's is. As general advice it's poor.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
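
An added illustration of the point made in the reply above (not code from the thread or from OpenSSL): a toy deterministic generator built from SHA-256 in counter mode stands in for a PRNG, and the small seed space is a constructed assumption. It shows that 1024 bytes written to a `.rnd` file, and a key later derived from that file, still carry only the entropy of the original seed.

```python
import hashlib
import math


def toy_prng(seed: bytes, n: int) -> bytes:
    """Deterministic generator: SHA-256 in counter mode.
    Toy stand-in for a seeded PRNG; NOT OpenSSL's actual generator."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def make_rnd_file(weak_seed: bytes) -> bytes:
    """Model of writing 1024 PRNG output bytes to ~/.rnd on a host whose
    only seed material is weak_seed (hypothetical helper)."""
    return toy_prng(b"rand-cmd" + weak_seed, 1024)


def key_from_rnd(rnd: bytes) -> bytes:
    """Model of a second process seeding itself from the .rnd contents
    and deriving a 32-byte key (hypothetical helper)."""
    return toy_prng(b"app" + rnd, 32)


def distinct_keys(seed_bits: int) -> int:
    """Count the keys reachable when the original seed has seed_bits of entropy."""
    keys = set()
    for s in range(2 ** seed_bits):
        seed = s.to_bytes(4, "big")  # constructed sample seeds
        keys.add(key_from_rnd(make_rnd_file(seed)))
    return len(keys)


def effective_bits(seed_bits: int) -> float:
    """Effective key strength in bits, regardless of the 256-bit key length."""
    return math.log2(distinct_keys(seed_bits))


if __name__ == "__main__":
    for bits in (4, 8, 12):
        print(f"seed entropy {bits:2d} bits -> .rnd is 8192 bits, "
              f"key is 256 bits, effective strength {effective_bits(bits):.1f} bits")
```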