This is something you'd want to override in the application or maybe some
environment variable.
Agreed. However, I believe there is a solid argument that the current
implementation satisfies that ...
First, let me say that what I present here may be ... um ... inaccurate; i.e.
'dead wrong'. It is based on a relatively quick reading of the applicable
code, and some basic testing.
The use of the devices in DEVRANDOM list, as well as the 'well known EGD
sockets' (which are tried if DEVRANDOM is empty, or none of the DEVRANDOM
device(s) exists AND return enough data within specified time period), is for
the SOLE PURPOSE of seeding the internal PRNG. That is, they are used for
purpose of 'sufficient initial entropy.
As of 0.9.6, most/all of the openssl subcomponents automatically attempt to use
a disk-based file as the PRNG seed IN PREFERENCE to the DEVRANDOM list or the
EGD sockets.
The file(s) to be used are based on settings in the configuration file. The
defaults are:
HOME = .
RANDFILE = $ENV::HOME/.rnd
This effectively causes the search for files to proceed as:
a) Env var RANDFILE is set, then use it,
b) Env var HOME is set, then $HOME/.rnd
c) ./.rnd
With the above in mind, if you want to use /dev/random, you simply:
dd if=/dev/random bs=1 count=1024 of=$HOME/.rnd # count= as
many bytes as you desire
Or alternatively:
dd if=/dev/random bs=1 count=1024 of=filename
export RANDFILE=filename
It is important to note that, when the initial entropy is read from a
file, openssl will write back to that file exactly 1024 bytes. This
will then be used as the initial entropy on a subsequent openssl
command. Thus, if you want to use > 1024 bytes, you will need to
re-execute dd if=/dev/random ... again.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
