Re: Re: Re: Re: Delay at first use of OpenSSL functions

Thanks a lot for such a superb explanation!
It's clear now why OpenSSL gathers entropy for such a long time: it just
doesn't have any external source of it.
But I still need my scripts to run as fast as possible :)
This is Windows 2003 + IIS6, so there isn't any dev/random device, which
OpenSSL uses by default...
Would you be so kind as to point out what can be done to make OpenSSL work
on Windows as fast as it works on Unix with a kernel-level entropy source?

18.01.2005 21:20:16
Bret Hughes <bhughes@xxxxxxxxxxxxx> wrote in message
<1106076016.15123.72.camel@bretsony>

> On Tue, 2005-01-18 at 11:45, Vladas Shukevichus wrote:
> > 18.01.2005 18:06:31
> > Marek Kilimajer <lists@xxxxxxxxxxxxx> wrote in message
> > <41ED3407.7040706@xxxxxxxxxxxxx>
> > 
> > > M. Sokolewicz wrote:
> > > > didn't you read what wez said? they're gathering entropy... you
> > > > *can't* (and shouldn't want to) prevent that.
> > > > 
> > > 
> > > Or get some good entropy source
> > 
> > Can you explain this a bit? How can I do this?
> > 
> 
> Now you're getting back to the "there are only six people in the world
> that understand encryption deal" :)
> 
> entropy in these terms ( as I understand it ) is a source of randomness
> used by open ssl.  I believe /dev/random is the source for this on a
> linux system.  various system events cause random characters to be added
> to the entropy pool that is then accessed via /dev/random.  I ran into
> this a couple of years ago setting up a freeswan link that was taking
> forever (hours) to generate the keys. Turns out that since I was on a
> headless scsi system there was a severe lack of entropy.  At the time,
> ide hard drive activity, mouse events and possibly keyboard activity
> were the primary inputs into the pool.  If your system needs a lot of
> randomness there are various random number generators available.
> 
> Do some searching, cryptogeeks take their randomness very seriously.  I
> had no idea until I ran into this.  The coolest one I found was a
> lavalamp array that had a camera pointed at it and the output was
> massaged to generate the random data. Last I heard, even this was being
> debated as to whether it was random enough.
> 
> this is important enough that Via puts a random number generator built
> into the epia boards so appliances will have enough of an entropy pool
> to quickly establish vpns.
> 
> Have fun learning about it.  I did.
> 
> Having said all this, you might try moving the server mouse around
> immediately before and during the transaction to see if it's faster.
> 
> 
> HTH
> 
> Bret
