[JDEV] Still another patch ... (seed the rand() function)
JHildebrand at jabber.com
Mon Oct 13 18:36:37 CDT 2003
You just want it to be difficult for the attacker to predict when the same
id is going to come around again. If they are *really* unique, this will
never be a problem.
> -----Original Message-----
> From: Matthias Wimmer [mailto:m at tthias.net]
> Sent: Monday, October 13, 2003 5:01 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Still another patch ... (seed the rand() function)
> Matthias Wimmer schrieb am 2003-10-13 23:00:18:
> > But as I said: you're right. The hole thing with rand() is not the
> > best solution. Maybe it would be a good idea to use the RAND_*()
> > functions of openssl if compiled with SSL support.
> The attached patch would use RAND_pseudo_bytes() to get
> pseudo random bytes seeded from /dev/urandom. Using
> cryptographically strong bytes (the function RAND_bytes())
> shouldn't be needed here and most of the time you get them
> with this call too.
> But is it needed? I don't see any benefit for an attacker to
> predict the challenge - it just has to be unique.
> Tot kijk
> For kibibytes see:
More information about the JDev