The -tlsRandomSeed option is used to specify how the pseudo random number generator used by TLS is initialized. Efficient initialization with values that are as random and unforeseeable as possible is of decisive importance for TLS security. If the BS2000 subsystem PRNGD (Pseudo Random Number Generator Demon) is active on the system on which the FTP client is running, PRNGD is used for initialization, so the setting of the -tlsRandomSeed option is of practically no significance. Subsystem PRNGD is described in the “interNet Services Administrator Guide”.
-tlsRandomSeed |
PROGRAM | USER |
PROGRAM
Program-internal functions are used. These utilize above all fluctuations of the real-time clock in relation to the timer of the system CPU to generate random numbers for initialization.
USER
Part of the initialization is the same as with the specification PROGRAM. In addition, the user is repeatedly prompted to key in characters as randomly as possible and/or to press the ENTER key. The time stamp from the input is used for initialization. The characters entered are also used for initialization. Since, however, the randomness of the characters is not known and these characters can in many cases be intercepted, they are not taken into account when estimating whether there is already enough initialization material. Only the number of times the ENTER key is pressed is taken into account in this estimate.
USER is the default.
If the FTP client is operated in batch mode, it is generally recommendable to use the PROGRAM setting as no user is available to enter random numbers in batch mode.