Hi, I'll have to read and analyze this code in more detail to give you a qualified opinion. I'll do this later...
On the surface it looks a bit complicated and I'm not entirely sure about the seeding, but I'll have to study the API first to make sure. On Sunday, Sunday 09 February 2014 at 22:40, Kurt Pattyn wrote: > If the above implementation suffices, then a virtual method would not be > needed anymore. Please use the virtual method anyway. Yes, it adds about two more instructions and a memory access for every call to this method, but security-wise it is worth it. You can never assume code to be absolutely secure, just secure enough for a particular purpose that you can envision under the constraints of the knowledge you currently possess. Providing an overridable virtual method gives users with stronger requirements (or with more paranoid bosses) sufficient freedom to implement those requirements. Incidentally it gives you an excuse to cop out of security discussions... ;-) > Should I fall back to the ordinary qrand() when the other methods fail? Yes. Konrad
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development