> /* exchange random numbers */ > srand(truerand()); > for(i = 0; i < 4; i++) > key[i+12] = rand();
if one really cared, the right thing to do would be fastrand() calls. truerand is only for things that absolutely must be random (not pseudo-random) or for seeding random number generators, as in this example. all the auth protocols are due for a rework, but honestly i don't think anyone cares enough to see it through, myself included. russ