The examples you mention are actually use "stupid" seeding with the simple reason to minimize "non-xmlsec" related code. If you want to use XMLSEC in any real application you *do need* to seed crypto engine with real random numbers. Please take a look at apps/xmlsec.c in xmlsec package or any OpenSSL examples on how to do this correctly. Aleksey