> Bear Giles writes:
>
> > Patch to add initialization from entropy source, either a
> > file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> > /dev/urandom device.
>
> I seem to recall that OpenSSL handles generating appropriate randomness
> itself.
That's been an ongoing problem, and something may be done in 0.9.7.
But all of the sample implementations still show the use of explicit
initialization code, so that's why I added it.
> So far we've reject these kinds of attempts to do it ourselves.
> How does it work now?
The failure mode isn't that SSL stops, it's that it's easier for
an attacker to guess the next number that the PRNG will produce.
This can a big problem for high-volume servers.
Bear