Timo Juhani Lindfors wrote: > True. We need to both fix the RNG and use a longer moniker.
M = H(CRYPT_PRNG()) for example: use Digest::SHA qw(sha1_hex); open(UR, '<', '/dev/urandom') or die($!); my $rbytes; die if (sysread(UR, $rbytes, 16) < 16); my $m = sha1_hex($rbytes); And while at it, stop reinventing the wheel and use a proper HMAC if that's what is wanted: use Digest::SHA qw(hmac_sha1_hex); print hmac_sha1_hex($v, $m); Then you just publish the HMAC in the tally. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jnbv2n$g0f$1...@dough.gmane.org