Bear Giles <bgiles@coyotesong.com> writes:
>> I seem to recall that OpenSSL handles generating appropriate randomness
>> itself.
> That's been an ongoing problem, and something may be done in 0.9.7.
That's good to hear. Our position has been that if security experts
(ie, the SSL library developers) cannot figure out how to generate
secure keys on particular platforms, it's folly to suppose that
non-security-expert application developers (eg, database weenies)
will somehow manage to do better with off-the-cuff solutions.
Encapsulating that kind of knowledge is exactly what a library is
supposed to do for us. IMHO anyway.
regards, tom lane