The default random pool seeding in OpenSSL is pretty weak.  It mixes up
the pool with MD5 pretty well, but there's really very little random data
put into the pool to start with.  On Linux it will use /dev/random and on
MS Windows it will use the current screen contents (not very random), but
otherwise it just uses the uid, pid, and time.  Beyond that it is up to
the application to find some good data and mix it in.

Would it be worthwhile to add more platform specific randomness gathering
methods to the library?
Where would such code go?  One can envision a dozen or more #ifdef'ed code
snippets.
Is there any good multi-platform randomness gathering code already written
that people can grab and use?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
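
An added example, not part of the original post and not OpenSSL source: it bounds how many bits a uid/pid/time seed can hold and shows an application gathering its own seed on a POSIX system. The names weak_seed_bits and gather_seed, the /dev/urandom path, and the sample pid range and one-hour window are assumptions made for illustration.

```c
/* Added example with constructed values; not OpenSSL source. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Upper bound, in bits, on a seed built only from uid, pid and time:
 * ceil(log2(uids * pids * seconds)). Each argument is the number of
 * candidate values an observer cannot rule out (assumed inputs). */
unsigned weak_seed_bits(unsigned long long uids, unsigned long long pids,
                        unsigned long long seconds)
{
    unsigned long long space = uids * pids * seconds, reach = 1;
    unsigned bits = 0;
    while (reach < space) { reach <<= 1; bits++; }
    return bits;
}

/* Fill buf with len bytes from a kernel random device such as
 * /dev/urandom. Returns 0 on success and -1 on any failure, so the
 * caller never seeds from a partly filled buffer. */
int gather_seed(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) got += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        else break;                                  /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(void)
{
    unsigned char seed[32];
    /* Constructed case: uid known, 32768 pids, start time known to an hour. */
    printf("uid/pid/time seed: at most %u bits\n", weak_seed_bits(1, 32768, 3600));
    if (gather_seed("/dev/urandom", seed, sizeof seed) != 0) {
        fprintf(stderr, "no kernel entropy source; do not generate keys\n");
        return 1;
    }
    /* An OpenSSL application would now call RAND_seed(seed, sizeof seed). */
    return 0;
}
```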
