Note that there may be times when the application definitely should initialize a PRNG (seeded from the OS' entropy system -- I still maintain that the whole system needs to work well). For example, when using cipher modes where IVs/confounders need to be random but also not re-used. In that case then you want to be able to use a PRNG (one instance per-session key) to guarantee non-reuse.
Nico --

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
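A small illustration of the per-session IV source the message argues for, added here as an example and not code from the poster or from the list. Each generator instance takes a fresh 64-bit prefix from the OS entropy pool (os.urandom) and appends a 64-bit counter, so two IVs from the same instance can never coincide, and distinct sessions differ in the prefix; the `SessionIVGenerator` class, the 8+8 byte split and the `prefix` test hook are assumptions of this example.

```python
import os
import struct


class SessionIVGenerator:
    """Per-session-key IV source.

    Layout of each 16-byte IV: 8-byte random prefix (drawn once per
    instance from the OS entropy pool) || 8-byte big-endian counter.
    The counter is what structurally rules out reuse within a session;
    the OS-seeded prefix separates one session's IVs from another's.
    """

    IV_LEN = 16
    MAX_IVS = 2 ** 64  # counter width; rekey before reaching it

    def __init__(self, prefix=None):
        # Hypothetical test hook: a caller may inject a fixed prefix so
        # outputs are reproducible; production code passes nothing.
        self._prefix = os.urandom(8) if prefix is None else bytes(prefix)
        if len(self._prefix) != 8:
            raise ValueError("prefix must be exactly 8 bytes")
        self._counter = 0

    @property
    def issued(self):
        """Number of IVs handed out so far by this instance."""
        return self._counter

    def next_iv(self):
        """Return the next never-before-used IV for this session."""
        if self._counter >= self.MAX_IVS:
            # Refusing is the safe failure mode: silently wrapping the
            # counter would reuse an IV under the same key.
            raise RuntimeError("IV space exhausted; rekey the session")
        iv = self._prefix + struct.pack(">Q", self._counter)
        self._counter += 1
        return iv


def all_unique(ivs):
    """Check that no IV in the sequence repeats (the property we rely on)."""
    return len(set(ivs)) == len(ivs)


if __name__ == "__main__":
    gen = SessionIVGenerator()
    sample = [gen.next_iv() for _ in range(10_000)]
    print("unique:", all_unique(sample), "issued:", gen.issued)
```

Two sessions that happened to draw the same random prefix would still not share an IV unless their keys also matched, which is why the message ties one generator instance to one session key.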
