tor/changes/bug17694_strongest
Nick Mathewson 2259de0de7 Always hash crypto_strongest_rand() along with some prng
(before using it for anything besides feeding the PRNG)

Part of #17694
2015-12-08 10:54:42 -05:00

6 lines
368 B
Plaintext

o Minor features (security):
- Never use the system entropy output directly for anything besides
seeding the PRNG. When we want to generate important keys, instead
of using system entropy directly, hash it with the PRNG stream.
This may help resist certain attacks based on broken OS entropy
implementations. Closes part of ticket 17694.