Hasard library and secure random pool

Victor Stinner victor.stinner at haypocalc.com
Wed Jun 17 13:30:14 CEST 2009


I wrote a library to generate random numbers called Hasard:


It can use gcrypt to generate numbers using the different security levels:

  "gcrypt_nonce": gcry_create_nonce()
  "gcrypt_weak": gcry_randomize(GCRY_WEAK_RANDOM)
  "gcrypt_strong": gcry_randomize(GCRY_STRONG_RANDOM)
  "gcrypt_very_strong": gcry_randomize(GCRY_VERY_STRONG_RANDOM)

I just fixed my source code to initialize correctly the library:

 1. call gcry_check_version(GCRYPT_VERSION)
 2. call gcry_control(GCRYCTL_USE_SECURE_RNDPOOL) (only for strong 
    and very strong engines)

Is it correct? Or can you check directly gcrypt.c?



You can use Hasard to test gcrypt: it includes a lot of unit tests and can use 
external programs/libraries (ENT, TestU01, ...) to test the generator quality.

I wrote Hasard because of the OpenSSL bug in the Debian package (one year 
ago). Hasard includes, for example, a test to check that multiple 
initialization gives differents seeds (and not only 2^15 differents seeds...).

But Hasard has many more interesting features, see:


Hasard can also OpenSSL :-)

Victor Stinner

More information about the Gnupg-users mailing list