[xmlsec] RAND_seed() redux
jsp at PKC.com
Tue Feb 4 12:26:01 PST 2003
I'm not sure whether I should worry about seeding OpenSSL's PRNG properly.
http://www.aleksey.com/pipermail/xmlsec/2002/000069.html says that OpenSSL
uses random numbers in many "hidden" places, and the OpenSSL FAQ says the
PRNG should be seeded "before generating keys or performing public key
encryption," but the XMLSec samples use a decidedly non-random seed (0
repeated some number of times).
Given that I'm not generating keys, does it really matter whether I seed the
PRNG properly? I'm inclined to think not, since as things stand I can
generate XML signatures that other implementations can verify, and verify
signatures from other implementations, and that's all I need to do.
More information about the xmlsec