Hasard library and secure random pool
Victor Stinner
victor.stinner at haypocalc.com
Wed Jun 17 13:30:14 CEST 2009
Hi,
I wrote a library to generate random numbers called Hasard:
http://bitbucket.org/haypo/hasard/wiki/Home
It can use gcrypt to generate numbers using the different security levels:
"gcrypt_nonce": gcry_create_nonce()
"gcrypt_weak": gcry_randomize(GCRY_WEAK_RANDOM)
"gcrypt_strong": gcry_randomize(GCRY_STRONG_RANDOM)
"gcrypt_very_strong": gcry_randomize(GCRY_VERY_STRONG_RANDOM)
I just fixed my source code to initialize correctly the library:
1. call gcry_check_version(GCRYPT_VERSION)
2. call gcry_control(GCRYCTL_USE_SECURE_RNDPOOL) (only for strong
and very strong engines)
3. gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0)
Is it correct? Or can you check directly gcrypt.c?
http://bitbucket.org/haypo/hasard/src/tip/lib/gcrypt.c
--
You can use Hasard to test gcrypt: it includes a lot of unit tests and can use
external programs/libraries (ENT, TestU01, ...) to test the generator quality.
I wrote Hasard because of the OpenSSL bug in the Debian package (one year
ago). Hasard includes, for example, a test to check that multiple
initialization gives differents seeds (and not only 2^15 differents seeds...).
But Hasard has many more interesting features, see:
http://bitbucket.org/haypo/hasard/src/tip/README
Hasard can also OpenSSL :-)
--
Victor Stinner
http://www.haypocalc.com/
More information about the Gnupg-users
mailing list