Optimizations and undefined behavior
Posted Jul 21, 2009 18:05 UTC (Tue) by BrucePerens
In reply to: Optimizations and undefined behavior
Parent article: Fun with NULL pointers, part 1
there are rare cases where code intentionally uses undefined behavior.
No correct cases.
Undefined really means undefined. There was never any guarantee that the value used in the OpenSSL code would provide any entropy. Undefined doesn't mean "random", "unknown", or "non-deterministic", it means "implementation dependent".
So, yes, it's difficult to get entropy without a specific service that provides entropy. But that's what you need, not just a garbage variable.
to post comments)