Timings for random
Gary E. Miller
gem at rellim.com
Mon Jan 30 20:15:05 UTC 2017
Yo Hal!

On Sun, 29 Jan 2017 17:15:05 -0800
Hal Murray <hmurray at megapathdsl.net> wrote:

> gem at rellim.com said:
> > You can't run out of randomness with RAND_bytes().
>
> Would you please say more. The man page says:
>
> RAND_bytes() puts num cryptographically strong pseudo-random
> bytes into buf. An error occurs if the PRNG has not been seeded with
> enough randomness to ensure an unpredictable byte sequence.

Doesn't that say it? Once seeded it does not run out.

> How can I be sure that it has "been seeded with enough"?

Use RAND_status() or RAND_event()

On Linux you can do:

    cat /proc/sys/kernel/random/entropy_avail

Most sources say entropy past 128 is good enough.

As a general rule, don't do important crypto things just after system
boot. And be especially careful running in a VM.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
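
The entropy_avail check from the message above, as an added example that is not part of the original post or of the NTPsec code: a boot-time gate that waits for the kernel estimate to pass the 128 figure quoted in the message before a key-generation step runs. The names entropy_ok, wait_for_entropy and ENTROPY_FILE are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# ENTROPY_FILE is a hypothetical override so the logic can be exercised on
# constructed sample files; the default is the path quoted in the message.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# entropy_ok THRESHOLD
# Returns 0 if the estimate is past THRESHOLD, 1 if it is not,
# 2 if the file is unreadable or does not hold a plain integer.
entropy_ok() {
    threshold="$1"
    [ -r "$ENTROPY_FILE" ] || return 2
    avail=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 2
    case "$avail" in
        ''|*[!0-9]*) return 2 ;;   # empty or non-numeric: fail closed
    esac
    [ "$avail" -gt "$threshold" ]
}

# wait_for_entropy THRESHOLD TIMEOUT_SECONDS
# Polls once per second. Returns 0 as soon as the estimate is past
# THRESHOLD, 1 if TIMEOUT_SECONDS elapse first, 2 if the estimate cannot
# be read at all (no point in waiting on a missing or garbled file).
wait_for_entropy() {
    threshold="$1"
    remaining="$2"
    while :; do
        rc=0
        entropy_ok "$threshold" || rc=$?
        if [ "$rc" -eq 0 ]; then return 0; fi
        if [ "$rc" -eq 2 ]; then return 2; fi
        if [ "$remaining" -le 0 ]; then return 1; fi
        sleep 1
        remaining=$((remaining - 1))
    done
}

# Typical use early in boot, before generating keys:
#   wait_for_entropy 128 30 || { echo "entropy not ready" >&2; exit 1; }
```
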