diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index 588b082e7c67a2482e4c211f5eed845c83f7d1eb..a6dbf516b39278d611420c211d46d1814459caab 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod @@ -123,19 +123,20 @@ function and xor). When bytes are extracted from the RNG, the following process is used. For each group of 8 bytes (or less), we do the following, -Input into the hash function, the top 8 bytes from 'md', the byte that -are to be overwritten by the random bytes and bytes from the 'state' +Input into the hash function the top 8 bytes from 'md', the bytes that +are to be overwritten by the random bytes, and bytes from the 'state' (incrementing looping index). From this hash function output (which is kept in 'md'), the top (upto) 8 bytes are returned to the caller and the bottom (upto) 8 bytes are xored into the 'state'. -Finally, after we have finished 'generation' random bytes for the -called, 'count' (which is incremented) and 'md' are fed into the hash -function and the results are kept in 'md'. I believe the above -addressed points 1 (use of SHA-1), 6 (by hashing into the 'state' the -'old' data from the caller that is about to be overwritten) and 7 (by -not using the 8 bytes given to the caller to update the 'state', but -they are used to update 'md'). +Finally, after we have finished 'num' random bytes for the caller, +'count' (which is incremented) and the local and global 'md' are fed +into the hash function and the results are kept in the global 'md'. + +I believe the above addressed points 1 (use of SHA-1), 6 (by hashing +into the 'state' the 'old' data from the caller that is about to be +overwritten) and 7 (by not using the 8 bytes given to the caller to +update the 'state', but they are used to update 'md'). So of the points raised, only 2 is not addressed (but see L).
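Review bot: the rewritten closing paragraph feeds "the local and global 'md'" into the hash and stores the result in "the global 'md'", but nothing earlier in this section introduces a local copy of 'md'; the per-8-byte step two sentences above says the hash output "is kept in 'md'" with no qualifier, so a reader cannot tell which copy receives that output or when the local copy is made. Suggest adding a sentence at the start of the extraction description (e.g. "A local copy of 'md' is taken at the start of each call") and using the same local/global wording in the per-block step. Two smaller points in the same hunk: "after we have finished 'num' random bytes for the caller" is missing a verb (read "after we have finished generating 'num' random bytes for the caller"), and the unchanged context lines still carry "(upto)" twice, which this documentation cleanup could correct to "up to" while it is here.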