-----BEGIN PGP SIGNED MESSAGE-----

A Kerberos V4 session key is chosen by calling random() repeatedly. THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++), where p is a static integer set to getpid() ^ gethostid() on the first call and n is a static counter.

Is there any entropy here??? Most, if not all, Kerberos servers run one time synchronization protocol or another, which reduces the entropy to a few bits at most.

DEADBEAT <na5877@anon.penet.fi>

usec grainlessness typically doesn't approach anything like a usec on most OS implimentations either. -- +----------------------------------+-----------------------------------------+ |Julian Assange | "if you think the United States has | |FAX: +61-3-9819-9066 | stood still, who built the largest | |EMAIL: proff@suburbia.net | shopping centre in the world?" - Nixon | +----------------------------------+-----------------------------------------+