Colm MacCárthaigh <c...@allcosts.net> writes:

>I think the fix for this is really at the application level; if you
>want defense-in-depth against PRNG problems, it's probably best to use
>separate RNG instances for public data (e.g. client_random,
>server_random, explicit_IV) and for secret data (keys) so that a leak
>in the public data doesn't compromise the private one. We do this in
>s2n, and I think BouncyCastle does it too.
I do that too. It's also specified in the LTS draft; it's just common sense really.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
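The split Colm describes, as an added worked example (this is illustrative code written for this note, not s2n's or BouncyCastle's implementation, and not part of the original thread). It assumes a stripped-down HMAC_DRBG in the style of SP 800-90A (no reseed counter or personalization string), seeds drawn from os.urandom, and models "a leak in the public data" in the simplest possible way: an observer who has recovered the internal state behind the public stream, represented here as learning that instance's seed. The names HmacDrbg, HandshakeRng and simulate_state_leak are invented for the example.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (NIST SP 800-90A, SHA-256).

    Reseed counters, personalization strings and additional input are
    omitted for brevity; the instantiate/generate/update steps follow
    the specification.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self._update(seed)

    @staticmethod
    def _mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        self.key = self._mac(self.key, self.val + b"\x00" + provided)
        self.val = self._mac(self.key, self.val)
        if provided:
            self.key = self._mac(self.key, self.val + b"\x01" + provided)
            self.val = self._mac(self.key, self.val)

    def generate(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.val = self._mac(self.key, self.val)
            out += self.val
        self._update()  # advance the state after every output request
        return out[:nbytes]


class HandshakeRng:
    """The split from the thread: one instance for values that go on the
    wire, a separately seeded one for secrets.  With split=False both
    names refer to the same instance, i.e. the single-RNG design."""

    def __init__(self, public_seed: bytes, secret_seed: bytes,
                 split: bool = True) -> None:
        self.public = HmacDrbg(public_seed)
        self.secret = HmacDrbg(secret_seed) if split else self.public

    # Public values: visible to anyone on the path.
    def client_random(self) -> bytes:
        return self.public.generate(32)

    def explicit_iv(self) -> bytes:
        return self.public.generate(8)

    # Secret values: must stay unpredictable even if the public stream leaks.
    def session_key(self) -> bytes:
        return self.secret.generate(32)


def simulate_state_leak(split: bool) -> dict:
    """Model the failure mode the thread is about.

    The handshake draws client_random, then a session key.  An observer is
    assumed to have recovered the state behind the public stream (modeled,
    as a simplification, as learning public_seed) and replays the generator
    with the same call pattern to see what else it can reproduce.
    """
    public_seed, secret_seed = os.urandom(32), os.urandom(32)
    rng = HandshakeRng(public_seed, secret_seed, split=split)
    client_random = rng.client_random()
    key = rng.session_key()

    replay = HmacDrbg(public_seed)
    nonce_ok = replay.generate(32) == client_random   # first 32-byte draw
    key_ok = replay.generate(32) == key               # second 32-byte draw
    return {"nonce_reproduced": nonce_ok, "key_reproduced": key_ok}


if __name__ == "__main__":
    print("split instances :", simulate_state_leak(split=True))
    print("single instance :", simulate_state_leak(split=False))
```

With two instances the replay reproduces client_random (it is public anyway) but not the key; with a single shared instance, anyone who recovers the state behind the public values also gets every secret drawn from it afterwards, which is exactly the compartmentalization the thread is recommending.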