Good question... I'm not an expert on the cryptography aspect but I think what happens 
is that your encryption becomes "predictable" - that is, the same input plaintext, 
encrypted twice, produces the same encrypted data. This leaves you open to a frequency 
analysis attack. This is not the case if you have a truly random seed.

>-----Original Message-----
>From: Neelay Shah [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, 4 September 2002 16:17
>To: [EMAIL PROTECTED]
>Subject: openssl Newbie ( PRNG seed )
>
>
>Hi Guys,
>
>I am a newbie to openssl. Here is my question:
>"How important is the PRNG seed to the
>total security of your program?" i.e.,
>instead of calling RAND_screen(), if I use RAND_seed()
>and use a hardcoded value, what is the impact?
>Also, is this impact different for client and
>server programs?
>
>Waiting for your reply.
>Thanks,
>Neelay
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>
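
An added example illustrating the question in this thread (not part of the original messages, and not OpenSSL code): a toy generator, `ToyDRBG`, models a PRNG whose only input is its seed, so a hardcoded seed yields the same session key, nonce and ciphertext on every program start. All names, the seed value and the toy stream cipher are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed value: stands in for a seed compiled into a binary.
HARDCODED_SEED = b"constructed-sample-seed"


class ToyDRBG:
    """Toy deterministic generator (not OpenSSL's RAND): output depends only on the seed."""

    def __init__(self, seed: bytes):
        self._key = hashlib.sha256(seed).digest()
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, ctr, hashlib.sha256).digest()
            self._counter += 1
        return out[:n]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher, illustration only: XOR data with HMAC(key, nonce || i)."""
    stream = b""
    i = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def run_program(seed: bytes, plaintext: bytes):
    """One program start: seed the generator, draw a session key and nonce, encrypt."""
    rng = ToyDRBG(seed)
    key = rng.random_bytes(32)
    nonce = rng.random_bytes(16)
    return key, nonce, keystream_xor(key, nonce, plaintext)


if __name__ == "__main__":
    msg = b"constructed sample message"
    _, _, c1 = run_program(HARDCODED_SEED, msg)
    k2, n2, c2 = run_program(HARDCODED_SEED, msg)
    print("hardcoded seed, same ciphertext:", c1 == c2)
    print("key rebuilt from seed decrypts:", keystream_xor(k2, n2, c1) == msg)
    _, _, c3 = run_program(os.urandom(32), msg)
    print("fresh seed, same ciphertext:", c3 == c1)
```

The second check is the one that matters for client and server alike: anyone who can read the seed out of the program can rebuild every value the generator produces, including keys.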