[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 and {nonce,cnonce}



> > > > To be blunt: using gettimeofday to get SECURE random numbers is a really
> > > > BAD idea! Most operating systems have much better ways to get random numbers
> > > > (for example /dev/random). These specifically have been developed with
> > > > security in mind, so use them!
> > >
> > >         Yeah, but I am thinking in terms of portability. Is reading from
> > > /dev/random portable enough? AFAIK, linux supports it, but Solaris does
> > > not.
> > >         Maybe I shouldn't think of portability now, and just use
> > > /dev/random.

Most UNIX implementations implement rand() and friends.  Even Solaris ;)
I'd suggest using it, instead of wasting time rolling your own
(reinventing the wheel).
--
Ed Carp, N7EKG  	erc@pobox.com		940/367-2744 cell phone

Visit http://www.linux-usa.net - Plug-n-Go Linux servers for small business
                                 "Plug it in - Turn it on - You're Done!"