[Opendnssec-develop] getting rid of HSM calls from the communicator
Rick van Rein
rick at openfortress.nl
Wed Sep 9 10:57:33 UTC 2009
> >More accurately: it does not have to be a secret. But it is important
> >that it cannot be influenced by an adversary. That's the main reason
> >to use random numbers as salts.
> right. do you agree that rand() - or maybe arc4random() - is good
I don't object. Using OS calls means that the admin has control over their
level of randomness by choosing proper hardware. And it's not as if it is
possible to wave a magic wand to get to random material -- not in the
digital world, that is. Noise has a preoccupation with analog only.
More information about the Opendnssec-develop