SSL RNG seeding

Greg Perry <>
Sun May 31 19:24:51 CEST 2009


Ugh.  From the ssl module documentation:

----------

seed(Data) -> ok | {error, Reason}

Types:

Data = iolist() | binary()

Seeds the ssl random generator.

It is strongly advised to seed the random generator after the ssl
application has been started, and before any connections are
established. Although the port program interfacing to the OpenSSL
libraries does a "random" seeding of its own in order to make everything
work properly, that seeding is by no means random for the world since it
has a constant value which is known to everyone reading the source code
of the seeding.

A notable return value is {error, edata}} indicating that Data was not a
binary nor an iolist.

----------

So SSL uses a hardcoded seed value within the source code, is this
standard across all of the Erland cryto libraries?

Regards

Greg


More information about the erlang-questions mailing list