[cryptography] Applications should be the ones [GishPuppy]

Nico Williams nico at cryptonector.com
Fri Feb 17 15:22:37 EST 2012

Note that there may be times when the application definitely should
initialize a PRNG (seeded from the OS' entropy system -- I still
maintain that the whole system needs to work well).  For example, when
using cipher modes where IVs/confounders need to be random but also
not re-used.  In that case then you want to be able to use a PRNG (one
instance per-session key) to guarantee non-reuse.
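
One way to realize the per-session-key generator described above, as an added example that is not part of the original post: each instance is seeded once from the OS entropy source and emits IVs that are unpredictable yet cannot repeat within the session. The class name, the 16-byte IV size and the HMAC-based Feistel construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class SessionIVGenerator:
    """Hypothetical per-session-key IV source (construction is an assumption).

    IV number n is a keyed 4-round Feistel permutation of the counter n.
    A Feistel network is invertible whatever its round function is, so
    distinct counters always give distinct IVs; the HMAC round function,
    keyed from the OS entropy source, makes them unpredictable.
    """

    ROUNDS = 4
    HALF = 8  # bytes per Feistel half, giving 16-byte IVs

    def __init__(self, seed=None):
        # Fresh seed from the OS CSPRNG. Create one instance per session key
        # and discard it with that key (never restart the counter under it).
        self._seed = seed if seed is not None else secrets.token_bytes(32)
        self._counter = 0

    def _f(self, rnd, half):
        mac = hmac.new(self._seed, bytes([rnd]) + half, hashlib.sha256)
        return mac.digest()[: self.HALF]

    def next_iv(self):
        if self._counter >= 1 << (16 * self.HALF):
            raise OverflowError("IV space exhausted: rekey the session")
        block = self._counter.to_bytes(2 * self.HALF, "big")
        self._counter += 1
        left, right = block[: self.HALF], block[self.HALF :]
        for rnd in range(self.ROUNDS):
            mask = self._f(rnd, right)
            left, right = right, bytes(a ^ b for a, b in zip(left, mask))
        return left + right

    def counter_of(self, iv):
        """Invert the permutation: shows no two counters can share an IV."""
        left, right = iv[: self.HALF], iv[self.HALF :]
        for rnd in reversed(range(self.ROUNDS)):
            mask = self._f(rnd, left)
            left, right = bytes(a ^ b for a, b in zip(right, mask)), left
        return int.from_bytes(left + right, "big")
```

The `seed` argument exists only to make the behaviour reproducible in tests; in use it is left unset so every session key gets an independent generator.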

