On Wed, Feb 14, 2001, [EMAIL PROTECTED] wrote: > * worst-case, it degenerates to the internal > seeding of the OpenSSL PRNG, even if we fed it > _nothing_ else at all. OpenSSL doesn't really > suck about this. If you want to use OpenSSL's internal seeding, DO NOT use RAND_seed() with bogus data. If you at least used RAND_add() with an entropy estimate of 0, OpenSSL would still have the chance to stop you from using an essentially unseeded PRNG.
- Bad PRNGs revisted in FreSSH Charles M. Hannum
- Re: Bad PRNGs revisted in FreSSH tls
- OS snobbery... (was Re: Bad PRNGs revisted in... Valdis Kletnieks
- Re: OS snobbery... (was Re: Bad PRNGs rev... Thor Lancelot Simon
- Re: OS snobbery... (was Re: Bad PRNGs... Lars Hecking
- Re: Bad PRNGs revisted in FreSSH Joe Laffey
- Re: Bad PRNGs revisted in FreSSH Damien Miller
- Re: Bad PRNGs revisted in FreSSH Andrew Brown
- Re: Bad PRNGs revisted in FreSSH Ulf Moeller
- Re: Bad PRNGs revisted in FreSSH Thor Lancelot Simon
