[19235] in bugtraq
Re: Bad PRNGs revisited in FreSSH
daemon@ATHENA.MIT.EDU (Ulf Moeller)
Thu Feb 15 16:29:12 2001
Message-Id: <20010215012234.A23153@openssl.org>
Date: Thu, 15 Feb 2001 01:22:34 +0100
Reply-To: ulf@openssl.org
From: Ulf Moeller <ulf@OPENSSL.ORG>
X-To: tls@REK.TJLS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010214050208.11097.qmail@securityfocus.com>; from tls@REK.TJLS.COM on Wed, Feb 14, 2001 at 05:02:08AM -0000
On Wed, Feb 14, 2001, tls@REK.TJLS.COM wrote:
> * worst-case, it degenerates to the internal
> seeding of the OpenSSL PRNG, even if we fed it
> _nothing_ else at all. OpenSSL doesn't really
> suck about this.
If you want to use OpenSSL's internal seeding, DO NOT use RAND_seed() with
bogus data. If you at least used RAND_add() with an entropy estimate of 0,
OpenSSL would still have the chance to stop you from using an essentially
unseeded PRNG.
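The point above turns on OpenSSL's entropy accounting: in the 0.9.x generator, RAND_seed(buf, num) is simply RAND_add(buf, num, num), i.e. it asserts that every byte passed in is full entropy, and RAND_status() (and the "PRNG not seeded" failure of RAND_bytes()) only fires while the running estimate is below ENTROPY_NEEDED (32 bytes). The following C program is an added example written for this page, not code from OpenSSL or FreSSH; it models that accounting with a toy mixer (not a CSPRNG) so the two calling patterns can be compared side by side. The threshold, the all-zero "junk" buffer and the constructed "OS bytes" are assumptions of the model.

```c
/* Added example: a model of the entropy accounting behind OpenSSL 0.9.x's
 * RAND_seed()/RAND_add()/RAND_status(). Not OpenSSL code; the mixing and
 * output functions are toys and must not be used as a real PRNG. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* bytes of estimated entropy required before output is allowed
 * (assumption: mirrors ENTROPY_NEEDED in OpenSSL 0.9.x md_rand.c) */
#define ENTROPY_NEEDED 32

struct prng {
    uint64_t state[4];
    double   entropy;   /* running estimate of entropy fed in, in bytes */
};

static void prng_init(struct prng *p) {
    memset(p, 0, sizeof *p);
    /* fixed non-zero start so the toy mixer never sits at all-zero state */
    p->state[0] = 0x243F6A8885A308D3ULL; p->state[1] = 0x13198A2E03707344ULL;
    p->state[2] = 0xA4093822299F31D0ULL; p->state[3] = 0x082EFA98EC4E6C89ULL;
}

/* toy stirring of input bytes into the state (NOT cryptographic) */
static void prng_mix(struct prng *p, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint64_t *s = &p->state[i % 4];
        *s ^= (uint64_t)buf[i] << ((i * 8) % 64);
        *s *= 0x9E3779B97F4A7C15ULL;
        *s ^= *s >> 29;
    }
}

/* RAND_add analogue: the caller states how much entropy buf really carries */
void prng_add(struct prng *p, const void *buf, size_t len, double entropy) {
    prng_mix(p, (const unsigned char *)buf, len);
    if (p->entropy < ENTROPY_NEEDED) p->entropy += entropy;
}

/* RAND_seed analogue: RAND_seed(buf, num) == RAND_add(buf, num, num),
 * i.e. it claims the buffer is full entropy whether or not that is true */
void prng_seed(struct prng *p, const void *buf, size_t len) {
    prng_add(p, buf, len, (double)len);
}

/* RAND_status analogue: 1 once the estimate reaches the threshold */
int prng_status(const struct prng *p) { return p->entropy >= ENTROPY_NEEDED; }

/* RAND_bytes analogue: refuses (returns 0) while the generator is unseeded */
int prng_bytes(struct prng *p, unsigned char *out, size_t len) {
    if (!prng_status(p)) return 0;
    for (size_t i = 0; i < len; i++) {
        uint64_t *s = &p->state[i % 4];
        *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;   /* toy xorshift */
        out[i] = (unsigned char)(*s >> 56);
    }
    return 1;
}

/* Caller 1: 64 bytes of all-zero "junk" passed through RAND_seed().
 * The accounting is fooled: 64 >= 32, so output is handed out. */
int seeded_with_bogus_data(void) {
    struct prng p; unsigned char junk[64] = {0}; unsigned char out[16];
    prng_init(&p);
    prng_seed(&p, junk, sizeof junk);          /* claims 64 bytes of entropy */
    return prng_bytes(&p, out, sizeof out);    /* 1: check defeated */
}

/* Caller 2: the same junk through RAND_add() with an honest estimate of 0.
 * The state is still stirred, but the generator keeps refusing to run. */
int added_with_zero_estimate(void) {
    struct prng p; unsigned char junk[64] = {0}; unsigned char out[16];
    prng_init(&p);
    prng_add(&p, junk, sizeof junk, 0.0);      /* honest: no entropy claimed */
    return prng_bytes(&p, out, sizeof out);    /* 0: still "PRNG not seeded" */
}

/* Caller 3: junk with estimate 0, then 32 bytes of real randomness.
 * Constructed sample standing in for /dev/urandom output; only the
 * honestly-estimated call moves the counter. */
int junk_then_real_entropy(void) {
    struct prng p; unsigned char junk[64] = {0}; unsigned char out[16];
    static const unsigned char os_bytes[32] = {               /* constructed */
        0x8f,0x1a,0xc3,0x55,0x02,0x9e,0x71,0xd4,0x3b,0xe8,0x60,0x17,0xaa,0x4c,0xf9,0x2d,
        0x6e,0xb1,0x07,0xdc,0x93,0x28,0x5f,0xe4,0x41,0xca,0x76,0x0b,0xbd,0x39,0x82,0xf0 };
    prng_init(&p);
    prng_add(&p, junk, sizeof junk, 0.0);
    prng_add(&p, os_bytes, sizeof os_bytes, (double)sizeof os_bytes);
    return prng_bytes(&p, out, sizeof out);    /* 1: seeded for real */
}

int main(void) {
    printf("RAND_seed() with junk  -> bytes returned: %d\n", seeded_with_bogus_data());
    printf("RAND_add(junk, 0)      -> bytes returned: %d\n", added_with_zero_estimate());
    printf("RAND_add(junk,0)+real  -> bytes returned: %d\n", junk_then_real_entropy());
    return 0;
}
```

The lesson for a caller such as FreSSH is in the return codes: the bogus RAND_seed() silences the only warning OpenSSL can give, while RAND_add() with an estimate of 0 leaves the refusal in place until something with real entropy is mixed in. Modern OpenSSL (1.1.1 and later) seeds its DRBG from the OS on its own, so this model describes the 0.9.x-era behaviour the thread is about, not today's library.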