apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Reid" <dr...@jetnet.co.uk>
Subject PRNG seeding...
Date Fri, 11 Jan 2002 19:16:08 GMT
This was posted by Tom Lane on the Postgresql [patches] list, which I
thought might be of interest :)

The thing that sticks in my craw about OpenSSL's approach to this is
that they assume application programmers (or database interface library
programmers, in this case) know more about how to find a suitable source
of randomness than the OpenSSL library does.  That strikes me as
completely wrong, not to say an abdication of responsibility for correct
operation of their library.  If it's a hard problem, why do they think
that application programmers (who presumably know little about crypto)
are more likely to get it right than they are?

I have heard that the next release of OpenSSL is going to fix this
problem, and so I'm not inclined to patch around it in our code.

david



Mime
View raw message