[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Lynx 2.8.4 with OpenSSL

From: David Woolley
Subject: Re: lynx-dev Lynx 2.8.4 with OpenSSL
Date: Sun, 4 Feb 2001 10:51:46 +0000 (GMT)

> Please put srand/rand to be the last one.  IIRC, it is always worse
> than the alternatives.

Encryption code should not be using any of these.  If it is trying to
mix data obtained from elsewhere, it should be using a cryptographically
strong hash, like MD5.  If it is trying to obtain a starting point for
the random number, it MUST use truly random sources.  On linux, there is
a driver which attempts to be a truly random source, although one cannot
rely on distributions setting it up properly (you need to carry state
across reboots by including code in the shutdown and restart scripts).

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]