On Fri, 4 May 2001, Dilkie, Lee wrote:

> It is critical to get the initial seed with as much entropy as possible

yes, it's traditional way to keep openssl' PRNG happy.
However, "a random" inside "server hello" is sent in clear
and it may be appropriate to use low-quality clock-based source here.
One can outsource "SSL client" role out of embedded system
to let the other party generate premaster secret.

-vf


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to