Richard Stoughton wrote:
On Tue, May 20, 2008 at 12:09 AM, Bodo Moeller [EMAIL PROTECTED] wrote:
As far as I can understand the code, the suggested usage pattern for
the RNG would be
ssleay_rand_bytes(ssleay_rand_add ^ n) with n 0.
If consecutive calls to ssleay_rand_bytes without
On Tue, May 20, 2008 at 12:09 AM, Bodo Moeller [EMAIL PROTECTED] wrote:
On Mon, May 19, 2008 at 11:57 PM, Richard Stoughton [EMAIL PROTECTED] wrote:
- do not mix the PID into the internal entropy pool, and
The OpenSSL PRNG uses the PID twice:
Once it is used as part of the intitial seeding
Hi,
This is not a joke. Please clean up ssleay_rand_bytes:
- do not mix the PID into the internal entropy pool, and
- do not mix bits of the given output buffer into the internal entropy pool.
This will help detecting weaknesses in the rng itself as well as in
software that depends on this
On Mon, May 19, 2008 at 11:57 PM, Richard Stoughton [EMAIL PROTECTED] wrote:
- do not mix the PID into the internal entropy pool, and
The OpenSSL PRNG uses the PID twice:
Once it is used as part of the intitial seeding on Unix machines, to
get some data that might provide a little actual