Entropy for OpenSSL

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Entropy for OpenSSL

Charles Mills
I'm looking at
https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/j8O
bkLf6xgs  

Do I interpret it correctly as saying that assuming I do not have some
clever source of entropy of my own, that I should just "do nothing" and let
OpenSSL do what it decides is best? In other words, that I should NOT call
app_RAND_load_file() (as the current source for s_client does) nor
RAND_screen() (as O'Reilly sort-of advises)?

Thanks,
Charles


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Entropy for OpenSSL

Charles Mills
Ping!

Anybody?

Charles

-----Original Message-----
Sent: Wednesday, August 22, 2012 10:07 AM
To: [hidden email]
Subject: Entropy for OpenSSL

I'm looking at
https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/j8O
bkLf6xgs

Do I interpret it correctly as saying that assuming I do not have some
clever source of entropy of my own, that I should just "do nothing" and let
OpenSSL do what it decides is best? In other words, that I should NOT call
app_RAND_load_file() (as the current source for s_client does) nor
RAND_screen() (as O'Reilly sort-of advises)?

Thanks,
Charles


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Entropy for OpenSSL

Brant Thomsen
OpenSSL will try to use random sources available for the OS, so supplying your own additional randomization is usually not required.  You can call RAND_status() to determine if the library was successful getting enough random data that it decides it can start providing random numbers.  It will return a 1 if it was, or a 0 if more random data is needed.

That being said, the randomization algorithm used by OpenSSL is designed so that the randomness of the numbers returned will not be reduced by submitting additional random or pseudo-random data using the RAND_add() call.  I always make it a habit to write my code so it saves a file of random data when OpenSSL is closed, and loads that same random data file the next time it is opened.  (See the functions RAND_write_file() and RAND_load_file().)  That way I know that OpenSSL will start in a well-randomized state, and any additional randomization initialization done by the library can only make things better.  If you have access to other information that is pseudo-random, such as network packets, it might not be a bad idea to call RAND_add() on that data as well.

RAND_screen() is specific to Windows, and uses a snapshot of the desktop to use as random data.  It won't hurt to call this if you can, but is not particularly effective.  There are also some situations, such as calling OpenSSL from a Windows service, where the desktop is static or not available.  That is why OpenSSL no longer relies on it.

Brant

-----Original Message-----

Sent: Wednesday, August 22, 2012 10:07 AM
To: [hidden email]
Subject: Entropy for OpenSSL

I'm looking at
https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/j8O
bkLf6xgs

Do I interpret it correctly as saying that assuming I do not have some clever source of entropy of my own, that I should just "do nothing" and let OpenSSL do what it decides is best? In other words, that I should NOT call
app_RAND_load_file() (as the current source for s_client does) nor
RAND_screen() (as O'Reilly sort-of advises)?

Thanks,
Charles


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Entropy for OpenSSL

Charles Mills
Thanks.

RAND_status() is returning a 1 so I guess I am good for now. I put in an
error message if it fails to return a 1.

I will keep an eye on this problem going forward. The product is designed to
run as a Windows Service but I am currently testing in console mode. I will
specifically watch what happens when I run as a service. (PITA to test as a
Service and I am not going to do it today.)

Thanks again for your help.

Charles

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Thomsen, Brant
Sent: Friday, August 24, 2012 10:30 AM
To: [hidden email]
Subject: RE: Entropy for OpenSSL

OpenSSL will try to use random sources available for the OS, so supplying
your own additional randomization is usually not required.  You can call
RAND_status() to determine if the library was successful getting enough
random data that it decides it can start providing random numbers.  It will
return a 1 if it was, or a 0 if more random data is needed.

That being said, the randomization algorithm used by OpenSSL is designed so
that the randomness of the numbers returned will not be reduced by
submitting additional random or pseudo-random data using the RAND_add()
call.  I always make it a habit to write my code so it saves a file of
random data when OpenSSL is closed, and loads that same random data file the
next time it is opened.  (See the functions RAND_write_file() and
RAND_load_file().)  That way I know that OpenSSL will start in a
well-randomized state, and any additional randomization initialization done
by the library can only make things better.  If you have access to other
information that is pseudo-random, such as network packets, it might not be
a bad idea to call RAND_add() on that data as well.

RAND_screen() is specific to Windows, and uses a snapshot of the desktop to
use as random data.  It won't hurt to call this if you can, but is not
particularly effective.  There are also some situations, such as calling
OpenSSL from a Windows service, where the desktop is static or not
available.  That is why OpenSSL no longer relies on it.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]