> on the other hand it may be a known plaintext attack.
>
> what are you guys smoking?
>
> -dean
This argument has already been refuted in the posts you are replying to. Such an "attack" would require the algorithm to not meet its specific design security objectives. In other words, you are arguing that this might be a problem if the algorithm is fundamentally broken. Well, duh, using it might be a problem if the algorithm is fundamentally broken.

A primary security objective of the PRNG is that mixing in known data can never, ever hurt you. It may not increase the entropy in the PRNG, but it cannot decrease it. This is a specific design objective, and you can rely on the PRNG to meet this objective. If you don't think the PRNG meets this objective, you should not use it at all, because this is one of its primary objectives and the entire design is premised on it.

The only issue is that you might not mix in enough unknown data. Mixing in known data can never hurt you. If it can, the PRNG is totally and completely broken. If you have any reason to think it is, please explain why. We will all change the algorithm, because this would be a major breakage.

You might as well argue that after you sign something with RSA, you should keep the signature secret. After all, there might be some attack where the signature leaks parts of the private key. Sure, there might be. But if you really thought there was any chance of that, you'd abandon the signature algorithm, not work harder to keep the signatures secret.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
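An added illustration of the point made above (this is example code written for this page, not code from the thread or from OpenSSL): with a toy 12-bit pool and a constructed, non-uniform distribution over the states an attacker considers possible, a mixer that is a permutation of the state space for every fixed input leaves the state entropy exactly unchanged when attacker-known data is mixed in, while a deliberately broken mixer that lets the input overwrite state bits collapses it. The pool size, constants and the "broken" mixer are assumptions chosen so the whole distribution can be enumerated.

```python
import math
from collections import Counter

STATE_BITS = 12                      # toy pool size, constructed so all states are enumerable
MASK = (1 << STATE_BITS) - 1

def shannon_entropy_bits(dist):
    """Entropy (bits) of a Counter mapping state -> weight."""
    total = sum(dist.values())
    return -sum((c / total) * math.log2(c / total) for c in dist.values() if c)

def mix_bijective(state, known):
    """Sound mixer: for any fixed 'known', this is a permutation of the state space
    (XOR, multiply by an odd constant mod 2^n, rotate), so distinct secret states
    stay distinct no matter what the attacker knows about the input."""
    x = state ^ (known & MASK)
    x = (x * 0x9E5) & MASK                                  # odd => invertible mod 2^n
    x = ((x << 5) | (x >> (STATE_BITS - 5))) & MASK          # rotate left by 5
    return x

def mix_broken(state, known):
    """Broken mixer (constructed): the input overwrites the low byte of the state,
    so many secret states merge into one and entropy is destroyed."""
    return (state & 0xF00) | (known & 0x0FF)

def entropy_after_mix(dist, mixer, known):
    """Entropy of the state distribution after every possible state is mixed with 'known'."""
    out = Counter()
    for s, c in dist.items():
        out[mixer(s, known)] += c
    return shannon_entropy_bits(out)

def demo(known=0xABC):
    """Return (entropy before, after sound mix, after broken mix) for a constructed
    attacker's-eye distribution: 256 of the 4096 states are possible, with skewed weights."""
    secret = Counter({s: 1 + (s % 3) for s in range(0, MASK + 1, 16)})
    before = shannon_entropy_bits(secret)
    good = entropy_after_mix(secret, mix_bijective, known)
    bad = entropy_after_mix(secret, mix_broken, known)
    return before, good, bad

if __name__ == "__main__":
    before, good, bad = demo()
    print(f"before: {before:.3f} bits, sound mix: {good:.3f} bits, broken mix: {bad:.3f} bits")
```

The sound mixer reports the same entropy as before to within floating-point rounding; the broken one drops to about 4 bits, which is the "fundamentally broken" case the post describes.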