I'm not sure whether I should worry about seeding OpenSSL's PRNG properly. http://www.aleksey.com/pipermail/xmlsec/2002/000069.html says that OpenSSL uses random numbers in many "hidden" places, and the OpenSSL FAQ says the PRNG should be seeded "before generating keys or performing public key encryption," but the XMLSec samples use a decidedly non-random seed (0 repeated some number of times).
Given that I'm not generating keys, does it really matter whether I seed the PRNG properly? I'm inclined to think not, since as things stand I can generate XML signatures that other implementations can verify, and verify signatures from other implementations, and that's all I need to do. _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
