cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL problem in libcurl 7.13.1

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Fri, 4 Mar 2005 12:19:25 -0800

On Fri, Mar 04, 2005 at 12:04:05PM -0800, David Byron wrote:
> Sorry guys. My reflex against magic numbers bit us all. Any chance of
> adding a comment that explains why 16384 is the right number to use? We
> just learned the hard way that we need some number, but how much info do
> we need? 16384 bytes of pseudo random info is an awful lot for 256 bit
> keys. One example I have uses 1024. Can someone more SSL savvy add
> some insight here?

The man page for the analagous function RAND_write_file states that it
writes 1024 bytes (i.e. 8192 bits) into a file for later reading by
RAND_read_file. That sounds like more than enough for seeding a 256 bit key.
I'll lower the size if no one has a reason otherwise.

> At least some comment explaining it has nothing to do with the buffer
> size we're using would help.

I actually did add a tiny comment before committing the patch.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2005-03-04