« Return to Thread: Using random number file
Re: Using random number file
by Akos Vandra
::
Rate this Message:
I see what the main misunderstanding is here.
If the numbers are read from the file with no precautions whatsoever, the same numbers will be read more than once (at every run) of course. But I thought it was possible to have a set of random numbers saved in a file, and it would be possible for openssl to save a "pointer", and continue reading the file on the next run (not start from the beginning). Of course this can be done by pipeing tha file to a FIFO buffer, and then making openssl read from the pipe rather than the file (this solves the problem with the same random sequence).
What my problem here is: I have a true random number generator, but it is not linked to the computer, I get the numbers on a flash disk(as a binary file). Because these are true random numbers (well at least as far a quantum rng is random), they are safe to use for the prime generation, and I would like to use these files, rather than the PRNG of openssl (being on the safe side of a coding error in the PRNG, no offence intended, we all make mistakes :). I would like to know if this is possible
Regards,
Vandra Ákos
If the numbers are read from the file with no precautions whatsoever, the same numbers will be read more than once (at every run) of course. But I thought it was possible to have a set of random numbers saved in a file, and it would be possible for openssl to save a "pointer", and continue reading the file on the next run (not start from the beginning). Of course this can be done by pipeing tha file to a FIFO buffer, and then making openssl read from the pipe rather than the file (this solves the problem with the same random sequence).
What my problem here is: I have a true random number generator, but it is not linked to the computer, I get the numbers on a flash disk(as a binary file). Because these are true random numbers (well at least as far a quantum rng is random), they are safe to use for the prime generation, and I would like to use these files, rather than the PRNG of openssl (being on the safe side of a coding error in the PRNG, no offence intended, we all make mistakes :). I would like to know if this is possible
Regards,
Vandra Ákos
2009/7/3 Michael S. Zick <openSSL@...>
On Fri July 3 2009, Akos Vandra wrote:Yes to both.
> As far as I understand, that file is used only to seed the internal PRNG,
> not to read numbers from there... Or am I wrong? (Also the docs say the file
> will be overwrited)
>
This is intended to reduce the chance that the same random bit sequence
will be used more than once.
Reading "random" numbers from a file is one way to defeat this protection.
I.E: You don't know how many other people have read the same file.
There are types of cryptography based on the concept of a "one time pad" -
but that does not seem to be what you are asking about in this post.
Mike
> Regards,______________________________________________________________________
> Vandra Ákos
>
> 2009/7/3 Bernhard Froehlich <ted@...>
>
> > Akos Vandra schrieb:
> >
> > Hello!
> >>
> >> I have a source of (more or less) true random numbers, which I get as
> >> binary files (1MB each).
> >> I want openssl to use these files as a random number source to generate
> >> keys and signing operations. How can this be done?
> >>
> >> Regards,
> >> Vandra Ákos
> >>
> > Try using the RANDFILE= parameter in the configuration file
> > http://www.openssl.org/docs/apps/config.html, though I don't know if this
> > parameter is used by all commands.
> >
> > Hope it helps.
> > Ted
> > ;)
> >
> > --
> > PGP Public Key Information
> > Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
> > Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
> >
> >
> >
>
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@...
Automated List Manager majordomo@...
« Return to Thread: Using random number file
| Free embeddable forum powered by Nabble | Forum Help |
