Thanks a lot for such a superb explanation! It's clear now why OpenSSL gathers entropy for such a long time: it just doesn't have any external source of it. But I still need my scripts to run as fast as possible :) This is Windows 2003 + IIS6, so there isn't any dev/random device, which OpenSSL uses by default... Would you be so kind as to point out what can be done to make OpenSSL work on Windows as fast as it works on Unix with a kernel-level entropy source?

18.01.2005 21:20:16
Bret Hughes <bhughes@xxxxxxxxxxxxx> wrote in message
<1106076016.15123.72.camel@bretsony>

> On Tue, 2005-01-18 at 11:45, Vladas Shukevichus wrote:
> > 18.01.2005 18:06:31
> > Marek Kilimajer <lists@xxxxxxxxxxxxx> wrote in message
> > <41ED3407.7040706@xxxxxxxxxxxxx>
> >
> > > M. Sokolewicz wrote:
> > > > didn't you read what wez said? they're gathering entropy... you *can't*
> > > > (and shouldn't want to) prevent that.
> > > >
> > >
> > > Or get some good entropy source
> >
> > Can you explain this a bit? How can I do this?
> >
>
> Now you're getting back to the "there are only six people in the world
> that understand encryption deal" :)
>
> entropy in these terms ( as I understand it ) is a source of randomness
> used by open ssl. I believe /dev/random is the source for this on a
> linux system. various system events cause random characters to be added
> to the entropy pool that is then accessed via /dev/random. I ran into
> this a couple of years ago setting up a freeswan link that was taking
> forever (hours) to generate the keys. Turns out that since I was on a
> headless scsi system there was a severe lack of entropy. At the time,
> ide hard drive activity, mouse events and possibly keyboard activity
> were the primary inputs into the pool. If your system needs a lot of
> randomness there are various random number generators available.
>
> Do some searching, cryptogeeks take their randomness very seriously. I
> had no idea until I ran into this. The coolest one I found was a
> lavalamp array that had a camera pointed at it and the output was
> massaged to generate the random data. Last I heard, even this was being
> debated as to whether it was random enough.
>
> this is important enough that Via puts a random number generator built
> into the epia boards so appliances will have enough of an entropy pool
> to quickly establish vpns.
>
> Have fun learning about it. I did.
>
> Having said all this, you might try moving the server mouse around
> immediately before and during the transaction to see if it's faster.
>
>
> HTH
>
> Bret

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php