In message <[EMAIL PROTECTED] s> on Thu, 20 Nov 2003 11:58:28 +0100, "Marc Gaudichet" <[EMAIL PROTECTED]> said:
mgaudichet> Do you have a better solution than above (e.g. hardcode mgaudichet> some kind of random data and use it with RAND_seed()...), mgaudichet> or does it seem ok to you ?
Never hardcode any "randomness". Such habits can safely be called a sin, if you believe in that.
In the mathematical sense, it's not random after you've used it once. Also, cryptography has an additional requirement that the data be *unpredictable*. If an attacker can duplicate your random number source, then entropy goes to zero, no matter how random the data are.
Ron Jeffries, a promoter of Extreme Programming (which advocates unit tests), has said "The wages of sin is debugging."
Josh
-- Joshua Juran Metamage Software Creations - Mac Software and Consulting http://www.metamage.com/
* Creation at the highest state of the art *
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
