[openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Salz, Rich
rsalz at akamai.com
Sat Dec 3 17:34:42 UTC 2016
What version of openssl are you using? Current versions do not call RAND_screen or other long-term heap-walking on Windows.
You absolutely *must* properly initialize the random number generator. If you fail to do that, attackers can guess the keys that you use. You will be providing only the illusion of security.
Please pass this along to that other app. What it, and you, are doing is horrible.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richsalz at jabber.at Twitter: RichSalz