Robert: I agree with this approach. OpenSSL has been through a FIPS certification (the 9.7 stream) and that examined its PRNG. There seems to be indications that the 9.8 stream will be going through FIPS soon.
Bill ----- Original Message ----- From: "Robert Connolly" <[EMAIL PROTECTED]> To: "Hardened LFS Development List" <[email protected]> Sent: Monday, September 03, 2007 11:44 PM Subject: arc4random vs RAND_pseudo_bytes > arc4random() is a safe and secure prng, but I get no feedback about it. Using > RAND_pseudo_bytes() would have the affect of removing cryptography from > Glibc, and using OpenSSL whenever possible, which is the direction I've been > going. -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
