Hasard library and secure random pool

Victor Stinner victor.stinner at haypocalc.com
Wed Jun 17 13:30:14 CEST 2009


Hi,

I wrote a library to generate random numbers called Hasard:

   http://bitbucket.org/haypo/hasard/wiki/Home

It can use gcrypt to generate numbers using the different security levels:

  "gcrypt_nonce": gcry_create_nonce()
  "gcrypt_weak": gcry_randomize(GCRY_WEAK_RANDOM)
  "gcrypt_strong": gcry_randomize(GCRY_STRONG_RANDOM)
  "gcrypt_very_strong": gcry_randomize(GCRY_VERY_STRONG_RANDOM)

I just fixed my source code to initialize correctly the library:

 1. call gcry_check_version(GCRYPT_VERSION)
 2. call gcry_control(GCRYCTL_USE_SECURE_RNDPOOL) (only for strong 
    and very strong engines)
 3. gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0)

Is it correct? Or can you check directly gcrypt.c?

   http://bitbucket.org/haypo/hasard/src/tip/lib/gcrypt.c

--

You can use Hasard to test gcrypt: it includes a lot of unit tests and can use 
external programs/libraries (ENT, TestU01, ...) to test the generator quality.

I wrote Hasard because of the OpenSSL bug in the Debian package (one year 
ago). Hasard includes, for example, a test to check that multiple 
initialization gives differents seeds (and not only 2^15 differents seeds...).

But Hasard has many more interesting features, see:

  http://bitbucket.org/haypo/hasard/src/tip/README

Hasard can also OpenSSL :-)

-- 
Victor Stinner
http://www.haypocalc.com/



More information about the Gnupg-users mailing list