>Can somebody tell me if this method of seeding the RNG is secure enough?

It's not. Not by a LONG shot.

If an adversary can figure out what random data you started with, then s/he
could duplicate all your important functions -- session keys, keygen, etc.

In particular, the value of rand() depends only on the previous
values of rand(). The first value of rand() depends on what you passed into
srand(). So, all you are basically doing is seeding the random number
generator with the current time. Hardly random, hardly secure.

On Win32, there's a function to load the PRNG from the screen buffer.

>additional seed in the form of PID, thread ID, system time, and
>other private data.

Of the items you listed, all of them could be easily guessed. :)
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
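
The point made in the reply above, that a rand() stream is fully determined by the value passed to srand(), shown as an added example that is not part of the original post or of OpenSSL. The helper names `derive_key` and `seeds_until_match`, the 16-byte key, and the one-hour uncertainty about the start time are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 16

/* Constructed stand-in for the pattern criticised above: seed with a
 * timestamp, then draw "key" bytes from rand(). */
static void derive_key(unsigned int seed, unsigned char key[KEY_LEN])
{
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(rand() & 0xff);
}

/* Walk every seed in [lo, hi]. Returns how many candidates were tried
 * before the target key was reproduced (seed stored in *found), or -1. */
static long seeds_until_match(const unsigned char target[KEY_LEN],
                              unsigned int lo, unsigned int hi,
                              unsigned int *found)
{
    unsigned char trial[KEY_LEN];
    long tried = 0;
    for (unsigned int s = lo; ; s++) {
        tried++;
        derive_key(s, trial);
        if (memcmp(trial, target, KEY_LEN) == 0) { *found = s; return tried; }
        if (s == hi) break;   /* checked here so hi == UINT_MAX cannot wrap */
    }
    return -1;
}

int main(void)
{
    unsigned int now = (unsigned int)time(NULL);
    unsigned char key[KEY_LEN];
    unsigned int found = 0;

    derive_key(now, key);     /* the "secret" 128-bit key made at startup */
    /* Knowing the start time to within an hour leaves 7201 candidates,
     * about 13 bits of uncertainty rather than 128. */
    long tried = seeds_until_match(key, now - 3600, now + 3600, &found);
    printf("key reproduced after %ld of 7201 candidate seeds\n", tried);
    return tried > 0 ? 0 : 1;
}
```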