I said it is an RNG, not cryptographic RNG. By adding current time source, however crude, and doing a sha1/md5, why should it not be cryptoPRNG? What properties should I look for?
-----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni Sent: Tuesday, March 30, 2010 9:53 PM To: openssl-users@openssl.org Subject: Re: Random Numbers On Tue, Mar 30, 2010 at 07:43:39PM -0700, P Kamath wrote: > At one point of time, we had used tt800.c random number generator (available > on the net - a small file sized 2kB), and sha'd or md5'd the output into a > stream. From the output, we filtered out weak keys, if any. I hope nobody else does anything similar. tt800 is NOT a cryptographic PRNG. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org