On 19/05/11 17:38, Erwann ABALEA wrote:
> Today, 19 May 2011, Tim Watts wrote:
>> On 19/05/11 16:46, Peter Sylvester wrote:
>>> another approach is to take the value of 'time' (the current second)
>>> and append to it the current process number, and, in case of
>>> several machines, some number indicating the id of the machine.
>>> instead of the process number, any other method to ensure uniqueness
>>> within a second may be used.
>> Ah yes - that would guarantee a non repeating unpredictable sequence.
>> I was confused initially as I did not realise the serial number could
>> be so big (16 bytes was it?).
> 20 bytes max, for the RFC5280.
OK - wow.
I think I might add some "randomness" into mine - seems easy enough. I
won't pretend I fully understand why - mostly because I wasn't clear why
the serial is important.
I understand the merits of "random" TCP sequence numbers though - but
the reason for those is a little more obvious.
That's not a request for a detailed explanation, BTW - I'm happy to take
it on trust from you experts :)
Thanks!
Tim
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org