I believe this was actually from a sample provided to us by Eric in response to a question we posted on the list.
Kevin -----Original Message----- From: Xperex Tim [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: Re: Is a 'random.pem' file secure? Do you mean Rescorla's book "SSL and TLS"? On what page in Rescorla is the random.pem technique mentioned? I was unable to find it. Thanks. Tim --- "Moffet, Scott" <[EMAIL PROTECTED]> wrote: > Good day all, > > I'm building an SSL client app that will run on a > wide variety of platforms > and OS's, and a primary requirement is that it must > be easily installed. > > The trouble I've had is with platforms that don't > have a built-in PRNG. I > don't want to have to install additional modules to > get a suitable source of > randomness. > > A remedial solution I found in Eric Rescorla's fine > book and that I've > deployed so far on HPUX and TRU64 is to use the file > "random.pem" for > randomness. It works great! > > My question is whether this compromises security in > any way. Especially if > this same "random.pem" file is being used on > multiple clients and is being > freely and openly distributed, is this making my > system less secure and more > vulnerable to attack in any way? > > Thanks, guys > > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
