
Re: OpenSSL patch for Heimdal 0.3d



From: Assar Westerlund <assar@sics.se>

assar> > One important change: if your OS does not have /dev/urandom,
assar> > you need to install & run egd (see
assar> > http://www.lothar.com/tech/crypto).

An alternative (which is claimed to be better because it will never
block) is prngd:

  http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/prngd.html

assar> Is there any default location where this socket is located?

Not really, but we (the OpenSSL team) have recently talked with the
author of egd (there are suggestions on places in the docs), and it
seems like the following places will be proposed (that's at least the
list of defaults we're putting in OpenSSL :-)):

#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"

The last one was the example you could find in the egd docs.  I don't
know if it has changed yet...

-- 
Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.