Thanks for the info. I have a follow-up question based
on my specific situation. The cipher suite I am
forcing the client and server to negotiate to is
EDH-RSA-DES-CBC3-SHA(I am also requiring sslv3). That
being the case, is not having true randomness on the
client a risk? How good is the randomiz
raghuram belur wrote:
>
> Unfortunately, requesting input from the user is not
> an option for the application that I am working on.
> This is one of the reasons why I am trying to see if
> there is a way to "dumb down" the randomization on the
> client and make it mostly a server side issue. I a
Raghuram Belur wrote:
> I am wondering if it is possible to use some simple cross-platform
> [PRNG] on the client which is probably not too hard to guess and use
> a more robust mechanism such as an entropy gathering daemon on the
> server
You will have to be very careful. For example, if you u
