Re: Doubt about OpenSSL library initialization in an HTTP client application

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

What version of openssl are you using?  Current versions do not call RAND_screen or other long-term heap-walking on Windows.

 

You absolutely *must* properly initialize the random number generator.  If you fail to do that, attackers can guess the keys that you use.  You will be providing only the illusion of security.

 

Please pass this along to that other app.  What it, and you, are doing is horrible.

 

-- 

Senior Architect, Akamai Technologies

Member, OpenSSL Dev Team

IM: richsalz@xxxxxxxxx Twitter: RichSalz

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux