There is no need to call RAND_screen() more than once. 0.9.4 is vulnerable to attacks because the random number generator is not seeded with sufficient entropy. 0.9.6e takes more time in order to generate the necessary entropy.
Using a hardcoded seed value with make your connections vulnerable. > > Hi, > Thanks for the reply. > But, I have another problem: > My appln was initially using openssl 0.9.4 and it > was calling RAND_screen() for each client. > Now I have moved to openssl 0.6e and what I have observed is that the >RAND_screen() takes a significant amount of time about 10 sec. and makes my appl'n >slow. > Also, my appl'n is multithreaded and the time RAND_screen() takes seems to be >proportional to the number of threads (clients) I fire ( Each thread does call >RAND_screen() only once ). I do not know how is that related ? Can anybody help ? > Also, If my client uses a hardcoded seed but my server doesn't how am I (the >connection) vulnerable ? > > Please help, > > Thanks, > Neelay S Shah ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
