Good day all, I'm building an SSL client app that will run on a wide variety of platforms and OS's, and a primary requirement is that it must be easily installed.
The trouble I've had is with platforms that don't have a built-in PRNG. I don't want to have to install additional modules to get a suitable source of randomness. A remedial solution I found in Eric Rescorla's fine book and that I've deployed so far on HPUX and TRU64 is to use the file "random.pem" for randomness. It works great! My question is whether this compromises security in any way. Especially if this same "random.pem" file is being used on multiple clients and is being freely and openly distributed, is this making my system less secure and more vulnerable to attack in any way? Thanks, guys ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
