Document that arc4random is not a great cryptographic PRNG.

Nick Mathewson 2013-06-10 10:38:12 -04:00
parent e35b540832
commit 6e49696147


@ -648,9 +648,12 @@ const char *evutil_gai_strerror(int err);
/** Generate n bytes of secure pseudorandom data, and store them in buf. /** Generate n bytes of secure pseudorandom data, and store them in buf.
* *
* By default, Libevent uses an ARC4-based random number generator, seeded * Current versions of Libevent use an ARC4-based random number generator,
* using the platform's entropy source (/dev/urandom on Unix-like systems; * seeded using the platform's entropy source (/dev/urandom on Unix-like
* CryptGenRandom on Windows). * systems; CryptGenRandom on Windows). This is not actually as secure as it
* should be: ARC4 is a pretty lousy cipher, and the current implementation
* provides only rudimentary prediction- and backtracking-resistance. Don't
* use this for serious cryptographic applications.
*/ */
void evutil_secure_rng_get_bytes(void *buf, size_t n); void evutil_secure_rng_get_bytes(void *buf, size_t n);
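Review bot: The summary line of this doc comment still promises "Generate n bytes of secure pseudorandom data" while the new body ends with "Don't use this for serious cryptographic applications"; a reader who only sees the one-line summary (or the `secure` in `evutil_secure_rng_get_bytes`) gets the opposite message from the one this commit is trying to send. Reword the summary to match the caveat, e.g. `/** Generate n bytes of pseudorandom data from a generator that is not suitable for serious cryptographic use, and store them in buf.` Two smaller points in the same hunk: "ARC4 is a pretty lousy cipher" and "only rudimentary prediction- and backtracking-resistance" tell the caller that something is wrong but not what, so state the concrete limitation a caller must plan around (what "rudimentary backtracking-resistance" means for an attacker who learns the state); and changing "By default, Libevent uses" to "Current versions of Libevent use" drops the only hint that the generator is a default rather than the only option, so if callers can substitute a stronger source, say how here, and if they cannot, say so explicitly rather than leaving "serious cryptographic applications" with no alternative.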