<div dir="ltr">I wonder if we should just start recommending that people plug one of Keith Packard's ChaosKey's into a USB port on their NTP boxes.<div><br></div><div><a href="https://keithp.com/blogs/chaoskey/">https://keithp.com/blogs/chaoskey/</a><br></div><div><br></div><div>I just leave one plugged into my main working NUC all the time.</div><div><br></div><div>..m</div></div><br><div class="gmail_quote"><div dir="ltr">On Sun, Jan 29, 2017 at 5:15 PM Hal Murray <<a href="mailto:hmurray@megapathdsl.net">hmurray@megapathdsl.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="gmail_msg">
<a href="mailto:gem@rellim.com" class="gmail_msg" target="_blank">gem@rellim.com</a> said:<br class="gmail_msg">
> You can't run out of randomness with RAND_bytes().<br class="gmail_msg">
<br class="gmail_msg">
Would you please say more.  The man page says:<br class="gmail_msg">
<br class="gmail_msg">
       RAND_bytes() puts num cryptographically strong pseudo-random bytes into<br class="gmail_msg">
       buf. An error occurs if the PRNG has not been seeded with enough<br class="gmail_msg">
       randomness to ensure an unpredictable byte sequence.<br class="gmail_msg">
<br class="gmail_msg">
How can I be sure that it has "been seeded with enough"?<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
--<br class="gmail_msg">
These are my opinions.  I hate spam.<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
devel mailing list<br class="gmail_msg">
<a href="mailto:devel@ntpsec.org" class="gmail_msg" target="_blank">devel@ntpsec.org</a><br class="gmail_msg">
<a href="http://lists.ntpsec.org/mailman/listinfo/devel" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.ntpsec.org/mailman/listinfo/devel</a><br class="gmail_msg">
</blockquote></div>