Hi all, The docs for apr_generate_random_bytes() just say "Generate random bytes.", but don't say what kind of random bytes are being generated, secure or pseudo?
Obviously the newer apr_random_secure_bytes() and apr_random_insecure_bytes() make this clear, but the older call doesn't. A look at the source shows that on Unix, we either use /dev/random, EGD-compatible socket daemon, or truerand, implying that we are generating secure bytes. Is it correct to amend the docs to something like: "Generate secure random bytes. Randomness is obtained from /dev/random, an EGD compatible socket daemon, or the truer and interface, depending on the platform." Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature
