cuberite/libevent
1
0
Fork 0
mirror of https://github.com/cuberite/libevent.git synced 2025-09-14 06:49:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Document that arc4random is not a great cryptographic PRNG.

Browse Source
This commit is contained in:
Nick Mathewson 2013-06-10 10:38:12 -04:00
parent e35b540832
commit 6e49696147
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/event2/util.h
View File

@ -648,9 +648,12 @@ const char *evutil_gai_strerror(int err);
/** Generate n bytes of secure pseudorandom data, and store them in buf.
*
* By default, Libevent uses an ARC4-based random number generator, seeded
* using the platform's entropy source (/dev/urandom on Unix-like systems;
* CryptGenRandom on Windows).
* Current versions of Libevent use an ARC4-based random number generator,
* seeded using the platform's entropy source (/dev/urandom on Unix-like
* systems; CryptGenRandom on Windows). This is not actually as secure as it
* should be: ARC4 is a pretty lousy cipher, and the current implementation
* provides only rudimentary prediction- and backtracking-resistance. Don't
* use this for serious cryptographic applications.
*/
void evutil_secure_rng_get_bytes(void *buf, size_t n);