random generator

Donny Jekels · ‎06-15-2004

Does any know if HP is ever going to include a random number generator is the OS?

"Vision, is the art of seeing the invisible"

A. Clay Stephenson · ‎06-15-2004

The KRNG11i package is a free download from HP for 11i.

If it ain't broke, I can fix that.

A. Clay Stephenson · ‎06-15-2004

Here's the URL:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

If it ain't broke, I can fix that.

Sridhar Bhaskarla · ‎06-15-2004

Hi ,

Yep. It's already there with 11i. You can get it from

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

It needs a reboot of the system.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-15-2004

thank you, nothing for 11.0 or 11i.v2?

"Vision, is the art of seeing the invisible"

Sridhar Bhaskarla · ‎06-15-2004

Hi Donny,

Look at PRNGD. I by mistake posted the response in one of bookmarked threads :-).

http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/prngd-0.9.26/

This doesn't have a device file associated with it but can feed the random data to programs like Openssl etc.,

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-15-2004

I am trying to compile openssh 3.8p1 on a 11.0 box and the configure script is stuck for over an hour on this

checking whether OpenSSL's PRNG is internally seeded...

any ideas?

"Vision, is the art of seeing the invisible"

Sridhar Bhaskarla · ‎06-15-2004

Can you post the error you are getting?. I don't believe seeding is required for the compilation.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Sridhar Bhaskarla · ‎06-15-2004

Hi,

Try this if it works. I did it to generate ssl self-signed certificates when it was complaining about PRNG seeding.

Copy and compress any file like swagent.log as say randfile.Z and run the command

openssl genrsa -des3 -rand randfile.Z -out my.key 1024

This should create a file called .rnd in the home directory.

That should help ssl to seed.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-15-2004

0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
2134:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
2134:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:

"Vision, is the art of seeing the invisible"

Sridhar Bhaskarla · ‎06-15-2004

It says "0 semi-random bytes loaded". Looks like your file specified with -rand option is empty. It is working fine with my openssl version 0.9.6e.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Sridhar Bhaskarla · ‎06-15-2004

Make sure the file randfile.Z is in the working directory or specify full path to it while you run the openssl command. The error indicates that it couldn't locate the source. my.key is just file that gets created you can delete it. In that process .rnd gets created which would be used by openssl to seed.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-16-2004

shri,

still having problems with ssl seeding.

how large should the random.Z be? and
where should the key file land up so the ssl know where to find it?

"Vision, is the art of seeing the invisible"

Sridhar Bhaskarla · ‎06-16-2004

You can just follow these commands.

#cp /var/adm/sw/swagent.log /tmp/randfile
#compress /tmp/randfile
#/wherever_openssl_is/bin/openssl -des3 -rand /tmp/randfile.Z -out my.key 1024

See if that works.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-16-2004

# /usr/local/bin/openssl -des3 -rand /tmp/randfile.Z -out my.key 1024
openssl:Error: '-des3' is an invalid command.

"Vision, is the art of seeing the invisible"

Donny Jekels · ‎06-16-2004

genrsa was missing. hold thumbs

"Vision, is the art of seeing the invisible"

Donny Jekels · ‎06-16-2004

checking OpenSSL header version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)
checking OpenSSL library version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)
checking whether OpenSSL's headers match the library... yes
checking whether OpenSSL's PRNG is internally seeded...

this is where it stops, no luck with all the work arounds in place.

I compiled EGD random number generator - this is in place and running.

was able to generate my.key file with openssl

still compiling ssh tries to see if ssl can seed itself and get stuck

# tusc 10828
( Attached to process 10828 ("./conftest") [32-bit] )
In user-mode ................................................................ [running]

"Vision, is the art of seeing the invisible"

Sridhar Bhaskarla · ‎06-16-2004

Donny,

With the following options, I could be able to run 'configure' successfully.

./configure --prefix=/opt/openssh2 --with-zlib=/opt/zlib --with-ssl-dir=/opt/openssl --with-pam --with-tcp-wrappers=../tcp_wrappers_7.6 --with-privsep-path=/opt/openssh2/var/empty --with-pid-dir=/opt/openssh2/var

It basically compiles a small C program and runs it to find the capability of openssl seeding.

You should be able to find where it is hanging once you put the 'set -x' flag in the configure script.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-16-2004

this tusc output for the conftest c file

sigsetreturn(0x7f7d0d4e, 0x6211988, 1392) ................................... = 0
getpid() .................................................................... = 7677 (7676)
getpid() .................................................................... = 7677 (7676)
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 02277) ................... ERR#2 ENOENT
open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY, 0134000) .................. ERR#2 ENOENT
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 0134000) ................. ERR#2 ENOENT
socket2(1, 1, 0) ............................................................ = 3
connect(3, 0x7f7f0cf0, 19) .................................................. = 0
write(3, "01 ", 2) ......................................................... = 2
read(3, " ", 1) ............................................................ = 1
read(3, "ceQ N ) 7 a4caceb019\f< b303d8 ".., 32) ........................... = 32
close(3) .................................................................... = 0
In user-mode ................................................................ [running]

"Vision, is the art of seeing the invisible"

H.Merijn Brand (procura · ‎06-16-2004

/dev/random for 11.00 available on http://freshmeat.net/projects/hpux11-random/
works furrrrfect :)

Enjoy, Have FUN! H.Merijn

Enjoy, Have FUN! H.Merijn

H.Merijn Brand (procura · ‎06-16-2004

/dev/random for 11.00 available on http://freshmeat.net/projects/hpux11-random/
works purrrrfect :)

Enjoy, Have FUN! H.Merijn

Enjoy, Have FUN! H.Merijn

Sridhar Bhaskarla · ‎06-16-2004

Hi,

I wonder if you could be able to successfully compile openssl. It works just fine for me on 11.0 box without any random generators. It says no and configures it. Another idea is to supply --with-rand-helper as the configure option.

You could try replacing the entire C-program testing area (lines 9624 - 9667)with the two lines, because we know that the ssl is not internally seeded for 11.0.

echo "$as_me:9659: result: no" >&5
USE_RAND_HELPER=yes

Take a copy of your configure script before you do so.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Donny Jekels · ‎06-16-2004

procura, were you able to install this random device on 11.i?

"Vision, is the art of seeing the invisible"

Donny Jekels · ‎06-16-2004

sri,

I am going to try the c file editing after i test the device file from freshmeat.

keep you posted.

"Vision, is the art of seeing the invisible"

H.Merijn Brand (procura · ‎06-16-2004

11i doesn't need this, it is available from HP sources, if not already installed in recent 11i shipments. Follow the links presented by others.

The link I posted is for 11.00 only, and as said, works as a charm

You asked for 11.00 and 10.20 too. I never was able to find this for 10.20, but on 10.20 I use egd.pl instead. Works OK, but needs restarting after reboot, whereas the 11.00 solution is builtin module.

Enjoy, Have FUN! H.Merijn

Enjoy, Have FUN! H.Merijn

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

random generator

random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator

Re: random generator