<div dir="ltr"><div><div>It's because crypto must not rely on pseudo random generated numbers, they are considered too easy to crack.<br></div>I guess that sound input was seen as a universal way to get some hardware noise...<br>
</div>Nowadays, shouldn't it be something like /dev/random?<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/11/19 Frank Shearar <span dir="ltr"><<a href="mailto:frank.shearar@gmail.com" target="_blank">frank.shearar@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Does anyone know the current state of play of the crypto team?<br>
<br>
We have a DSA implementation in "System-Digital Signatures" that<br>
should belong in a package called "Crypto-Something", but if the other<br>
stuff was better I'd rather delete this and use the proper stuff.<br>
<br>
Also, we need a better encapsulated source of randomness than<br>
"SoundService default randomBitsFromSoundInput: 512" because crypto<br>
shouldn't depend on a sound package. I don't care if something _plugs<br>
that in_, but the direct reference is suboptimal.<br>
<span class="HOEnZb"><font color="#888888"><br>
frank<br>
<br>
</font></span></blockquote></div><br></div>