Re: Seeding the OpenSSL PRNG
CryptoAPI is a standard component that you can expect to have on any
machine which has IE5 or later installed. You can also expect it to
be on Windows 2000+ as a default, as well as NT4SP3 or higher.
It uses the same mechanisms that the various /dev/urandom|/dev/random
implementations use, including measuring the time of any disk or
network access. (For more information, please see MSDN's
documentation on CryptoAPI. It mentions some of the things that it
stirs into its entropy pool.)
On 9/27/06, Erik Leunissen wrote:
> Dr. Stephen Henson wrote:
> > OpenSSL makes use of some standard sources of entropy on various platforms to
> > seed the PRNG automatically. On linux this includes the /dev/urandom device
> > and on Windows various things including the CryptoAPI PRNG.
> OK, that explains, thanks.
> The program is going to be distributed to clients who run a Windows
> variant (2000, XP) or a unix-like OS (*BSD, Solaris, Linux, ...).
> I reckon that /dev/urandom is present on most unices, so I can count on
> the automatic PRNG seeding. However, on the Windows platforms I question
> whether that is the case. Is CryptoAPI PRNG a standard component of the
> OS which I can presume to be present?
> ("Network security with OpenSSL" mentions several times that Windows has
> no built-in entropy-gathering mechanism that seeds a standard PRNG,
> which is why the egads program was written.)
> If not, I want to be able to detect whether the PRNG has been seeded
> before OpenSSL complains. How would I do that?
> Erik Leunissen
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List firstname.lastname@example.org
> Automated List Manager email@example.com
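The quoted question about detecting whether the PRNG has been seeded before OpenSSL complains maps onto OpenSSL's `RAND_status()` call. The following is an added example, not code from the thread or from the OpenSSL project; it uses Python's `ssl` module, which wraps OpenSSL's `RAND_status`, `RAND_add` and `RAND_bytes`, and the names `ensure_seeded`, `random_key` and `PRNGNotSeeded` are hypothetical.

```python
import os
import ssl


class PRNGNotSeeded(RuntimeError):
    """Raised so that key generation never proceeds on an unseeded PRNG."""


def ensure_seeded(min_seed_bytes=32, status=ssl.RAND_status,
                  entropy_source=os.urandom):
    """Check OpenSSL's seeding state; top it up from the OS if needed.

    status and entropy_source are injectable (an assumption of this
    example) so the failure path can be exercised without a broken host.
    """
    # RAND_status() is true once OpenSSL considers its PRNG seeded, which
    # is the automatic case described in the thread (/dev/urandom on
    # Unix-like systems, the CryptoAPI PRNG on Windows).
    if status():
        return "already-seeded"

    # Fallback: pull bytes from the operating system's CSPRNG and stir
    # them in with RAND_add, passing a byte count as the entropy estimate.
    seed = entropy_source(min_seed_bytes)
    if len(seed) < min_seed_bytes:
        raise PRNGNotSeeded("OS entropy source returned too few bytes")
    ssl.RAND_add(seed, float(len(seed)))

    # Fail closed: if OpenSSL still reports an unseeded state, stop here
    # instead of letting a later key-generation call complain or, worse,
    # run with weak state.
    if not status():
        raise PRNGNotSeeded("OpenSSL PRNG still unseeded after RAND_add")
    return "seeded-from-os"


def random_key(n=32):
    """Return n random bytes, but only after the seeding check passes."""
    ensure_seeded()
    return ssl.RAND_bytes(n)


if __name__ == "__main__":
    print("PRNG state:", ensure_seeded())
    print("sample key:", random_key(16).hex())
```

In a C program the same sequence is `RAND_status()`, then `RAND_add()` (or `RAND_poll()`), then `RAND_status()` again before any call to `RAND_bytes()`.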