On 25/07/2002 15:47:30 owner-openssl-users wrote:
>My question is whether this compromises security in any way. Especially if >this same "random.pem" file is being used on multiple clients and is being >freely and openly distributed, is this making my system less secure and more >vulnerable to attack in any way? Without an unpredictable random source you are completly and absolutely vulnerable. Having your random seed an attacker may recreate your key pairs, your session keys anything (s)he wants. Sandor -- Sandor Nagy,CISSP,Senior Software Engineer, Sophos Anti-Virus Real Business/CBI Growing Business Awards: Company of the Year Email: [EMAIL PROTECTED], Tel: 01235 559933, Web: www.sophos.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
