X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fman7%2FRAND.pod;h=971b3cdb161287a62c6b64191da579ddc8fa53d6;hb=bb157fd142ab3eced6051a32d8207de8a79c2fbe;hp=6ec7548972c0cacc7f5fdae1e1a484ffccbf106d;hpb=a73d990e2b6b1a406b1c85837a176bf7525d3914;p=oweals%2Fopenssl.git diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod index 6ec7548972..971b3cdb16 100644 --- a/doc/man7/RAND.pod +++ b/doc/man7/RAND.pod @@ -24,16 +24,19 @@ to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system. -As a normal application developer, you don't have to worry about any details, +As a normal application developer, you do not have to worry about any details, just use L to obtain random data. Having said that, there is one important rule to obey: Always check the error -return value of L and don't take randomness for granted. +return value of L and do not take randomness for granted. -For long-term secrets, you can use L instead. +For values that should remain secret, you can use L +instead. This method does not provide 'better' randomness, it uses the same type of CSPRNG. -The intention behind using a dedicated CSPRNG exclusively for long-term secrets is -that none of its output should be visible to an attacker (e.g used as salt value), -in order to reveal as little information as possible about its internal state. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values. In the rare case where the default implementation does not satisfy your special requirements, there are two options: @@ -61,10 +64,10 @@ of cryptographic principles and understand the implications of your changes. L, L, L, -L -L +L, +L, L, -L, +L =head1 COPYRIGHT