[Opendnssec-develop] getting rid of HSM calls from the communicator

Rick van Rein rick at openfortress.nl
Wed Sep 9 10:57:33 UTC 2009


> >More accurately: it does not have to be a secret.  But it is important
> >that it cannot be influenced by an adversary.  That's the main reason
> >to use random numbers as salts.
> Right. Do you agree that rand() - or maybe arc4random() - is good
> enough?

I don't object.  Using OS calls means that the admin has control over their
level of randomness by choosing proper hardware.  And it's not as if it is
possible to wave a magic wand to get to random material -- not in the
digital world, that is.  Noise has a preoccupation with analog only.

