On May 26, 2011, at 7:15 PM, Kevin Bracey wrote:

> srandom(time(NULL));

It’s never a good idea to seed a RNG with something guessable like this. (An 
old exploit against the Netscape browser’s SSL implementation was made possible 
in part by doing exactly that.)

All you have to do is call srandomdev() once; that will seed the generator used 
by random() with some extremely random (“high-entropy”) data read from 
/dev/random, which is generated by the kernel through all kinds of black magic.

—Jens
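
The point made in the message above, as an added example that is not part of the original e-mail: a `time(NULL)` seed can be found again by trying every second in a window around the suspected start time, while a seed read from the kernel cannot. `recover_time_seed` and `seed_from_kernel` are hypothetical names, the one-hour window is an assumption, and `/dev/urandom` is read directly as a stand-in for `srandomdev()` on systems that lack that call.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose random()/srandom() under strict -std= */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Return the time-based seed within [guess - window, guess + window] that
 * reproduces the first two observed random() outputs, or -1 if none does. */
long recover_time_seed(long first, long second, time_t guess, int window)
{
    for (time_t t = guess - window; t <= guess + window; t++) {
        srandom((unsigned)t);
        if (random() == first && random() == second)
            return (long)t;
    }
    return -1;
}

/* Seed random() from the kernel's entropy pool (assumed stand-in for
 * srandomdev()). Returns 0 on success, -1 if the device cannot be read. */
int seed_from_kernel(void)
{
    unsigned seed;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(&seed, sizeof seed, 1, f);
    fclose(f);
    if (n != 1)
        return -1;
    srandom(seed);
    return 0;
}

int main(void)
{
    time_t now = time(NULL);
    srandom((unsigned)now);            /* the pattern quoted in the message */
    long a = random(), b = random();
    printf("time seed found in window:   %s\n",
           recover_time_seed(a, b, now, 3600) == (long)now ? "yes" : "no");

    if (seed_from_kernel() != 0)
        return 1;
    a = random(); b = random();
    printf("kernel seed found in window: %s\n",
           recover_time_seed(a, b, now, 3600) != -1 ? "yes" : "no");
    return 0;
}
```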
