Add link to Security.Stackexchange thread
where I asked about whether the seeding from `/dev/urandom` or stack
variable should remain.
A. Sinan Unur
10 years ago
131 | 131 | |
132 | 132 | /**** Code from Devin Heitmueller, 10/3/2002 ****/ |
133 | 133 | /**** Use /dev/urandom to seed if available ****/ |
134 | /* see also | |
135 | * http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ | |
134 | /* ASU: 2014/04/23 It looks like it is OK to leave | |
135 | * this in. See following thread: | |
136 | * http://security.stackexchange.com/questions/56469/ | |
136 | 137 | */ |
137 | /* Also, http://wiki.openssl.org/index.php/Random_Numbers#Seeds | |
138 | * seems to indicate maybe we should not be doing this ourselves | |
139 | */ | |
140 | if (RAND_load_file("/dev/urandom", CRYPT_SSLEAY_RAND_BUFSIZE) | |
138 | if (RAND_load_file("/dev/urandom", CRYPT_SSLEAY_RAND_BUFSIZE) | |
141 | 139 | != CRYPT_SSLEAY_RAND_BUFSIZE) |
142 | 140 | { |
143 | 141 | /* Couldn't read /dev/urandom, just seed off |