Diffstat (limited to 'doc/man3/RAND_egd.pod')
-rw-r--r-- | doc/man3/RAND_egd.pod | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/doc/man3/RAND_egd.pod b/doc/man3/RAND_egd.pod index 1dc1321eae..956362dff2 100644 --- a/doc/man3/RAND_egd.pod +++ b/doc/man3/RAND_egd.pod @@ -15,18 +15,18 @@ RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon =head1 DESCRIPTION -RAND_egd() queries the entropy gathering daemon EGD on socket B<path>. +RAND_egd() queries the Entropy Gathering Daemon (EGD) on socket B<path>. It queries 255 bytes and uses L<RAND_add(3)> to seed the OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for RAND_egd_bytes(path, 255); -RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>. +RAND_egd_bytes() queries EGD on socket B<path>. It queries B<bytes> bytes and uses L<RAND_add(3)> to seed the OpenSSL built-in PRNG. This function is more flexible than RAND_egd(). When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from -the EGD socket. This can be advantageous, since the amount of entropy +the EGD socket. This can be advantageous, since the amount of randomness that can be retrieved from EGD over time is limited. RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket 
@@ -36,28 +36,28 @@ OpenSSL built-in PRNG using L<RAND_add(3)>. =head1 NOTES -On systems without /dev/*random devices providing entropy from the kernel, -the EGD entropy gathering daemon can be used to collect entropy. It provides -a socket interface through which entropy can be gathered in chunks up to +On systems without /dev/*random devices providing randomness from the kernel, +EGD provides +a socket interface through which randomness can be gathered in chunks up to 255 bytes. Several chunks can be queried during one connection. EGD is available from http://www.lothar.com/tech/crypto/ (C<perl Makefile.PL; make; make install> to install). It is run as B<egd> I<path>, where I<path> is an absolute path designating a socket. When RAND_egd() is called with that path as an argument, it tries to read -random bytes that EGD has collected. RAND_egd() retrieves entropy from the +random bytes that EGD has collected. RAND_egd() retrieves randomness from the daemon using the daemon's "non-blocking read" command which shall be answered immediately by the daemon without waiting for additional -entropy to be collected. The write and read socket operations in the +randomness to be collected. The write and read socket operations in the communication are blocking. Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is available from http://prngd.sourceforge.net/ . PRNGD does employ an internal PRNG itself and can therefore never run -out of entropy. +out of randomness. -OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() +OpenSSL automatically queries EGD when randomness is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool. |
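Review bot: In the first hunk (DESCRIPTION), the unchanged context line "RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket" becomes redundant once the acronym is expanded to "Entropy Gathering Daemon (EGD)" in the opening sentence. Consider changing it to "the actual query of EGD on socket" in this same patch, matching what was done for RAND_egd_bytes(). The NAME line shown in the hunk header still reads "query entropy gathering daemon" in lower case, which no longer matches the capitalised form introduced here. The context phrase "the full amount 255 bytes" is also missing "of" and could be fixed while this paragraph is being touched.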
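Review bot: In the second hunk (NOTES), "can therefore never run out of randomness" claims more than the preceding clause supports: employing an internal PRNG means PRNGD can always answer a query, not that its seed material is unlimited. Wording such as "can therefore always return data" would keep readers from taking the sentence as a statement about seed quality, which matters because the last paragraph says OpenSSL queries these sockets automatically. As a style point, the added line "+EGD provides" is left very short; reflowing it with the following "+a socket interface ..." line would keep the POD paragraph evenly wrapped.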