In the OpenSSL documentation here http://ift.tt/1GuMQyO, they say:
By default, OpenSSL uses the md_rand generator. md_rand uses the MD5 hash as the pseudorandom function. The source code is located in crypto/rand/md_rand.c.
You can test for the generator with:
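    #include <stdio.h>
    #include <openssl/rand.h>

    /* RAND_get_rand_method() returns a pointer to a const RAND_METHOD */
    const RAND_METHOD* rm = RAND_get_rand_method();
    if(rm == RAND_SSLeay())
    {
        printf("Using default generator\n");
    }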
You can change the random method using the following.
    const RAND_METHOD* rm = ...;
    if(rm != NULL)
    {
        /* RAND_set_rand_method() returns 1 on success */
        int rc = RAND_set_rand_method(rm);
        ASSERT(rc == 1);
    }
They say that you can change the method used, but there is no information concerning the possible values of the random method.
In the OpenSSL FIPS 140-2 Security Policy http://ift.tt/1v3fG4g, page 12, they talk about 4 DRBGs: a hash-based one which uses SHA1 and SHA2 (not MD5), and the other 3.
My question is: how can I tell the OpenSSL random generator to use SHA2 instead of MD5, or maybe use HMAC, for example, instead of HASH?