On Thu, May 15, 2008 at 11:41 PM, Erik de Castro Lopo <[EMAIL PROTECTED]> wrote:
> Goetz Babin-Ebell wrote:
>> But here the use of this uninitialized data is intentional
>> and the programmers are very well aware of what they did.
>
> The use of uninitialized data in this case is stupid because the
> entropy of this random data is close to zero.

It may be zero, but it may be more, depending on what happened earlier
in the program if the same memory locations have been in use before.
This may very well include data that would be unpredictable to
adversaries -- i.e., entropy; that's the point here.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]