[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal and OpenSSL
From: "Jacques A. Vidrine" <n@nectar.com>
n> > 1. OpenSSL does not have des_new_random_key(), which Heimdal uses
n>
n> The *BSD systems provide this in libcrypto. One could always use the
n> one Heimdal provides on systems without it.
As an OpenSSL developer, I'd like to know what's the actual benefit of
Heimdals des_new_random_key() over OpenSSLs des_random_key(). I
understand it's based on a different PRNG, is that the only real
difference, or does the scrambling with des_ecb_encrypt() have a
meaning I can't detect yet?
The actual main difference that I can detect is that the PRNG in
Heimdals rnd_keys.c can take seeding from any of /dev/{,s,u}random
(it's quite possible that I'll borrow some ideas for OpenSSL
there...).
In any case, since des_random_key() is provided in Heimdal for
backward compatibility, can one assume that it and
des_new_random_key() are actually interchangeable? The comments in
Heimdals des.h seem to suggest that...
In that case, it might be possible for us to provide
des_new_random_key() as an entry point in OpenSSL. We'll see...
n> > 2. It breaks on every operating system which do not have /dev/urandom
n> > (see the OpenSSL sources); my patch has egd support too
n>
n> What is `It' in the sentence above?
I'd assume he means OpenSSL :-). And it isn't quite true, the PRNG
part works fairly well on Windows...
--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.