[email protected] said: > rand() and RAND_pseudo_rand() are not random, just psuedo random, thus not > for NTP.
Do you think fuzzing needs cryptographically strong randomness? I timed RAND_pseudo_bytes() rather than RAND_bytes() because I didn't want to get mixed up with not enough randomness and it seemed good enough for what we needed. > What about the OpenSSL RAND_bytes()? It's slightly faster than RAND_pseudo_bytes() :) ?? The man page says both will return 1 if the bytes generated are cryptographically strong. I wasn't able to use up the system entropy. Seems suspicious. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
