> Unfortunately, it may also very well include data that would be
> highly predictable to adversaries.

That doesn't matter.

> I am aware that this is an area without a lot of good theoretical
> signposts, but I am just not very comfortable feeding arbitrary
> amounts of possibly-known data into a PRNG.
>
> Thor

Don't worry about it. One of the specific security objectives of the
PRNG is that mixing in known data does not degrade the pool. If you
don't trust it not to get worse with known data being mixed in, then
you don't trust it at all and you shouldn't use it.

If you can't trust your selected algorithms to meet their specific
security objectives, then you can't use those algorithms.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
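
The objective stated in the reply above (known data mixed in must not degrade the pool) can be checked exhaustively on a toy pool. This is an added example, not part of the original message and not OpenSSL's RAND code; the 16-bit state, the two mixer functions and the sample inputs are all constructed assumptions.

```python
import hashlib

STATE_BITS = 16                      # toy size so every state can be enumerated
MASK = (1 << STATE_BITS) - 1


def digest16(data: bytes) -> int:
    """Compress an input to 16 bits (stand-in for hashing input into the pool)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def mix_into_pool(state: int, data: bytes) -> int:
    """Hypothetical sound mixer: rotate the state, then XOR in the input.
    For any fixed input this is a one-to-one map on the state space."""
    rotated = ((state << 5) | (state >> (STATE_BITS - 5))) & MASK
    return rotated ^ digest16(data)


def overwrite_pool(state: int, data: bytes) -> int:
    """Hypothetical broken mixer: the input replaces the state outright."""
    return digest16(data)


def candidate_states(mixer, known_inputs) -> int:
    """Count the states an adversary must still consider when they know
    every input but nothing about the initial pool contents."""
    candidates = set(range(1 << STATE_BITS))
    for data in known_inputs:
        candidates = {mixer(state, data) for state in candidates}
    return len(candidates)


# Constructed sample inputs that an adversary could fully predict.
KNOWN_INPUTS = [b"pid=4242", b"2004-01-01T00:00:00Z", b"\x00" * 64]

if __name__ == "__main__":
    print("sound mixer :", candidate_states(mix_into_pool, KNOWN_INPUTS))
    print("broken mixer:", candidate_states(overwrite_pool, KNOWN_INPUTS))
```

With the one-to-one mixer the adversary is left with all 65536 candidate states after any number of known inputs; with the overwriting mixer a single known input collapses the pool to one state.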