Hello!
> On Wed, May 10, 2000 at 11:02:43AM +0530, Amit Chopra wrote:
>
> > srand((unsigned)(time(NULL))); //C Runtime Function
> > seed[i] = rand(); //C Runtime function
>
> > Can somebody tell me if this method of seeding the RNG secure enough?
>
> It is not. rand() was never meant
"Salz, Rich" wrote:
>
> >Can somebody tell me if this method of seeding the RNG secure enough?
>
> It's not. Not by a LONG shot.
>
> If an adversary can figure out what random data you started with, then s/he
> could duplicate all your important functions -- session keys, keygen, etc.
>
> I
> -Original Message-
> From: Salz, Rich [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 10, 2000 9:55 AM
> >Can somebody tell me if this method of seeding the RNG secure enough?
>
> It's not. Not by a LONG shot.
If we want to be pedantic, "secure enough" is only meaningful in terms o
>Can somebody tell me if this method of seeding the RNG secure enough?
It's not. Not by a LONG shot.
If an adversary can figure out what random data you started with, then s/he
could duplicate all your important functions -- session keys, keygen, etc.
In particular, the value of rand() depends
Amit Chopra wrote:
>
> Have you explicitly seeded the RNG by calling RAND_seed() or
> RAND_add() ? You need to do that.
>
> For example you can do :
>
> srand((unsigned)(time(NULL))); //C Runtime Function
> int seed[1024];
> for(int i = 0; i < 1024; i++)
> seed[i] = rand(); //C Runt
On Wed, May 10, 2000 at 11:02:43AM +0530, Amit Chopra wrote:
> srand((unsigned)(time(NULL))); //C Runtime Function
> seed[i] = rand(); //C Runtime function
> Can somebody tell me if this method of seeding the RNG secure enough?
It is not. rand() was never meant to be a cryptographic