Skip to Content [alt-c]
In reply to LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]
You are right in this analysis and the LibreSSL developers are wrong, if not outright frighteningly incompetent in these matters. Much history and exploits show the necessity for making RAND_poll forcibly reseed with a good source of entropy. Their "truly scary function" is cargo cult cryptography.
Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
monospaced
Post a Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.