On Wed, Feb 14, 2001, tlsREK.TJLS.COM wrote:

> * worst-case, it degenerates to the internal
> seeding of the OpenSSL PRNG, even if we fed it
> _nothing_ else at all. OpenSSL doesn't really
> suck about this.

If you want to use OpenSSL's internal seeding, DO NOT use RAND_seed() with
bogus data. If you at least used RAND_add() with an entropy estimate of 0,
OpenSSL would still have the chance to stop you from using an essentially
unseeded PRNG.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]