RE: Handling missing random number generator

Without a /dev/random device your not cryptographically secure. If you fudge it and allow a connection anyway you are essentially lying to the users - they think it's secure but it really isn't. Ted > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [E

RE: Possible memory leak with RSA_private_encrypt?

I've also tested a version with the following change: ... // // Encrypt test data. // for (int i = 0; i < ; i++) { ... } // // Free RSA key. // ... This causes the application to continually grow in memory size. So, the memory definite

Possible memory leak with RSA_private_encrypt?

There is a good chance that I am doing something wrong. However, the program below produces the following output from valgrind with OpenSSL v0.9.8g: ==12647== 1,032 bytes in 43 blocks are definitely lost in loss record 2 of 2 ==12647==at 0x4421846: malloc (vg_replace_malloc.c:149) ==12647==

RE: Handling missing random number generator

Original message >Date: Sat, 12 Jan 2008 03:42:36 -0800 >From: "Ted Mittelstaedt" <[EMAIL PROTECTED]> > The easiest way is to have the user install a random > device. There's ones out there > for Solaris all the way back to version 2.5.1 > > However, keep in mind that al