On Wednesday, April 24 at 01:40 PM, quoth Derek Martin:
Very smart people have already thought about this A LOT. There are numerous articles and papers on the topic. If you really want to implement a solution for this that doesn't use the system libraries, you should go read some of them. The conclusion (or one of them) is using untrusted data--e.g. a message supplied by anyone other than the user--as a source of randomness is FAIL.
Fair enough, that explains things a bit better - thank you!

Assuming mkstemps() is sufficient for safely creating temporary files, is there a reason not to simply borrow the FreeBSD implementation? Their implementation seems relatively straightforward and only relies on arc4random.c, which is entirely self-contained.

~Kyle
--
War should belong to the tragic past, to history: it should find no place on humanity's agenda for the future.
-- Pope John Paul II
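
An added illustration of the approach discussed in this thread, not code from either poster and not the FreeBSD implementation: a mkstemps()-style helper that takes the random part of the name from the operating system and lets an exclusive create decide whether the name is free. The name sketch_mkstemps is hypothetical, and getentropy() is used here as the randomness source in place of arc4random.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/random.h>
#include <unistd.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Fill buf[0..n) with unbiased characters drawn from the OS CSPRNG. */
static int random_chars(char *buf, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char r[32];
        if (getentropy(r, sizeof r) != 0)
            return -1;
        for (size_t j = 0; j < sizeof r && i < n; j++)
            if (r[j] < 248)   /* 248 = 4 * 62: reject to avoid modulo bias */
                buf[i++] = ALPHABET[r[j] % 62];
    }
    return 0;
}

/* Hypothetical helper shaped like mkstemps(template, suffixlen).
 * Returns an open descriptor, or -1 with errno set. */
int sketch_mkstemps(char *tmpl, int suffixlen)
{
    size_t len = strlen(tmpl);
    if (suffixlen < 0 || (size_t)suffixlen > len) { errno = EINVAL; return -1; }
    char *end = tmpl + len - suffixlen;   /* one past the last 'X' */
    char *start = end;
    while (start > tmpl && start[-1] == 'X')
        start--;
    if (end - start < 6) { errno = EINVAL; return -1; }

    for (int tries = 0; tries < 100; tries++) {
        if (random_chars(start, (size_t)(end - start)) != 0)
            return -1;
        /* O_EXCL makes creation atomic: an existing file or symlink
         * at this name fails with EEXIST instead of being opened. */
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}
```

Nothing from the message being processed feeds into the file name; the caller supplies only the fixed prefix and suffix.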