[Opendnssec-develop] libhsm: hsm_random() and friends

Rickard Bondesson rickard.bondesson at iis.se
Wed May 20 11:09:41 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> talking about seeding; are hsm's with rngs guaranteed to be 
> seeded? there is a function S_SeedRandom but according to the 
> docs this is only to add additional seeding data. So i'm 
> assuming that the hsm seeds itself (and that C_GenerateRandom 
> is a pseudo btw)

The API does not say anything about seeding, besides "C_SeedRandom mixes additional seed material into the token’s random number generator.". And there are no error code indicating that the RNG must seeded. So I would say that you just use the C_GenerateRandom without seeding.

// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBShPk9eCjgaNTdVjaAQjLNAf/av31rC9lCUup5VDNHyDvuVbC+BV0ZbmK
+L3razt40V0pJxgr+QUPB9SFOgCQpMpISq3VunCjFibHb7LNCOH/6LHX8cx3DowI
TcELmnpNqbU7okO7Atgu+briomptCeOr9lUH4bgdNaBuWVPTwSWpRBquqomvouhp
R2Iz7gki0pCpGtXIgHS0R3d/WpfBH/fFhPmdgmF0iNoLJBSEMg0EaNRK0BomS5iw
qo5ba59+3JaVYzsTobWDyPJIou6uMjKSVsfw26lnpU1T7RTPVJKQsTGlZu6+K4+W
xd7ogKglIs2dEjprU21u/qY1cTWEQCstOOu6KtNSQdcRuwKk0QflOA==
=ZiET
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list