Up: SXEmacs OpenSSL API


62.2.2 (Pseudo) Random Numbers

Random numbers are necessary for cryptographically secure implementations. The term number here actually means a string of bytes. OpenSSL itself provides random number generators which fulfill the demands of cryptography.

Function: ossl-rand-bytes count

Return count bytes of randomness.

Note: You probably want to put a wrapping encoder function (like base16-encode-string) around it, since this returns binary string data.

(base16-encode-string (ossl-rand-bytes 8))
  ⇒ "5a78acd572984bdf"

Modern systems supply more sophisticated sources of random data, so-called entropy gathering daemons (EGDs).

Function: ossl-rand-bytes-egd count egd

Return count bytes of randomness from an EGD socket. By default the socket /var/run/egd-pool is used.

Note: You probably want to put a wrapping encoder function (like base16-encode-string) around it, since this returns binary string data.

(base16-encode-string (ossl-rand-bytes-egd 8 "/var/run/egd-pool"))
  ⇒ "59342a240b356a04"

Please note that the system’s random sources are used only for seeding OpenSSL’s pseudo-random number generator, so even requests for large amounts of random data should be feasible. In contrast, reading large amounts of random data directly from a random device most likely freezes your process, since the size of random devices or pools, and hence the amount of cached random data, is quite limited.

Random numbers generated this way can be used as “passwords” or salt values in the various encryption and decryption functions. As stated above, whenever security is concerned, one of the functions ossl-rand-bytes or ossl-rand-bytes-egd should be used to obtain random numbers. The built-in random function of SXEmacs is not cryptographically secure.
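As an added example (not part of the SXEmacs manual), the following Emacs Lisp builds a hex-encoded salt and a random password on top of ossl-rand-bytes. It assumes ossl-rand-bytes returns a binary string of exactly count bytes as documented above, and that the SXEmacs function char-int is available to turn a string element into its byte value; the helper names my-ossl-salt and my-ossl-password are hypothetical.

```elisp
;; Added example; assumes `ossl-rand-bytes' returns a binary string of
;; exactly COUNT bytes and that `char-int' (SXEmacs/XEmacs) exists.

(defun my-ossl-salt (count)
  "Return COUNT bytes of OpenSSL randomness as a base16 string.
Signals an error if the backend returned fewer bytes than requested."
  (let ((raw (ossl-rand-bytes count)))
    (unless (= (length raw) count)
      (error "ossl-rand-bytes returned %d bytes, expected %d"
             (length raw) count))
    (base16-encode-string raw)))

(defconst my-password-alphabet
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
  "Characters a generated password may contain (62 symbols).")

(defun my-ossl-password (len)
  "Return a password of LEN characters drawn uniformly from
`my-password-alphabet'.  Each random byte selects one symbol; bytes
that would map unevenly onto the alphabet are discarded (rejection
sampling) instead of being reduced modulo 62, which would bias the
output toward the first symbols of the alphabet."
  (let* ((n (length my-password-alphabet))
         ;; largest multiple of N that fits in a byte: 62 * 4 = 248
         (limit (* n (/ 256 n)))
         (out (make-string len ?x))
         (i 0))
    (while (< i len)
      ;; fetch a small batch; every call returns fresh binary data
      (let ((bytes (ossl-rand-bytes 16))
            (j 0))
        (while (and (< i len) (< j (length bytes)))
          (let ((b (char-int (aref bytes j))))
            (when (< b limit)
              (aset out i (aref my-password-alphabet (% b n)))
              (setq i (1+ i))))
          (setq j (1+ j)))))
    out))

;; (my-ossl-salt 16)      -> 32 hex characters
;; (my-ossl-password 20)  -> 20 characters from the alphabet above
```

The salt helper checks the returned length because a short result would silently weaken whatever key or salt is derived from it; the password helper only uses OpenSSL randomness, never the built-in random function.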