[erlang-questions] crypto:rand_bytes using deprecated function
Thu Oct 8 04:42:25 CEST 2015
The rand_bytes function in the crypto module is using the openssl
function, which is deprecated.
This raises three issues / questions:
1. Should he function rand_bytes be deprecated?
2. Should the documentation state that it should not be used for
cryptographic purposes (this is the openssl recommendation)?
3. In otp/lib/ssl/src/ssl.erl (starting line 595) and in
(starting line 643) there are functions which fall back to rand_bytes if
strong_rand_bytes cannot be used. It is therefore possible that rand_bytes
might be used to generate keys. Should these functions return an error
If you need any more info, please let me know,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions