> > initially seed the random number generator. OpenSSL's SSL library already > > seeds in more random stuff from time to time itself. That notion is not acceptable for a security package. In fact many of the much-critisized "snake oil" crypto systems are more secure than an SSLeay- based application that does not seed its PRNG. Keep in mind how Netscape's SSL securiy was broken by David Wagner and Ian Goldberg. Peter Gutmann's crypto library is an example for a good cryptographic PRNG design. The OpenSSL rand library really ought to have something like that. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
