[svn] Warn the user when using weak random seed.

src/ChangeLog

@@ -1,3 +1,8 @@
+2003-11-18  Hrvoje Niksic  <hniksic@xemacs.org>
+
+	* gen_sslfunc.c (ssl_init_prng): Warn the user when using a weak
+	random seed.
+
 2003-11-18  Hrvoje Niksic  <hniksic@xemacs.org>
 
 	* host.c (address_list_contains): Renamed address_list_find to

src/gen_sslfunc.c

@@ -98,12 +98,14 @@ ssl_init_prng (void)
     return;
 #endif
 
-  /* Still not enough randomness, presumably because neither random
+  /* Still not enough randomness, most likely because neither
-     file nor EGD have been available.  Use the stupidest possible
+     /dev/random nor EGD were available.  Resort to a simple and
-     method -- seed OpenSSL's PRNG with the system's PRNG.  This is
+     stupid method -- seed OpenSSL's PRNG with libc PRNG.  This is
-     insecure in the cryptographic sense, but people who care about
+     cryptographically weak, but people who care about strong
-     security will use /dev/random or their own source of randomness
+     cryptography should install /dev/random (default on Linux) or
-     anyway.  */
+     specify their own source of randomness anyway.  */
+
+  logprintf (LOG_VERBOSE, _("Warning: using a weak random seed.\n"));
 
   while (RAND_status () == 0 && maxrand-- > 0)
     {