Hi, I'll have to read and analyze this code in more detail to give you a qualified opinion. I'll do this later...
On the surface it looks a bit complicated and I'm not entirely sure about the
seeding, but I'll have to study the API first to make sure.
On Sunday 09 February 2014 at 22:40, Kurt Pattyn wrote:
> If the above implementation suffices, then a virtual method would not be
> needed anymore.
Please use the virtual method anyway. Yes, it adds about two more instructions
and a memory access for every call to this method, but security-wise it is
worth it.
You can never assume code to be absolutely secure, just secure enough for a
particular purpose that you can envision under the constraints of the
knowledge you currently possess. Providing an overridable virtual method gives
users with stronger requirements (or with more paranoid bosses) sufficient
freedom to implement those requirements.
Incidentally it gives you an excuse to cop out of security discussions... ;-)
> Should I fall back to the ordinary qrand() when the other methods fail?
Yes.
Konrad
