Re: random and time

2015-01-01 Thread FRIGN
On Fri, 12 Dec 2014 13:45:02 -0600 joshua stein wrote: > https://news.ycombinator.com/item?id=639976 Thanks for the interesting read! It just makes it even clearer that this is a serious issue to consider in your security markups. -- FRIGN

Re: random and time

2014-12-12 Thread FRIGN
On Thu, 11 Dec 2014 19:49:35 -0700 Theo de Raadt wrote: > From the code I've been reading, I am certain some folk have looked > into it. I'd even go as far as saying that there should be some folk around owning 0-days building on top of that. It's easy to synchronize with a web-server's time, ev

random and time

2014-12-11 Thread Theo de Raadt
Has anyone given any thought to the impact of 1300+ software packages using the practice of srand(time(NULL)); in an increasingly NTP-syncronized world? >From the code I've been reading, I am certain some folk have looked into it.