Posted on Apr 7, 2015 by Happy Bear
Hi,
When I use your lib (code) in my project and perform a VeraCode scan for security testing, it reports many flaws. One of the common flaws is "Insufficient Entropy (CWE ID 331)".
This flaw is reported in class crypt.h at line nos. 113 and 118.
Code is below:
    /* Seed the C library PRNG once, on the first call, from the wall clock */
    if (++calls == 1)
    {
        srand((unsigned)(time(NULL) ^ ZCR_SEED2));
    }
    init_keys(passwd, pkeys, pcrc_32_tab);
    /* Fill the random part of the encryption header from rand() */
    for (n = 0; n < RAND_HEAD_LEN-2; n++)
    {
        c = (rand() >> 7) & 0xff;
        header[n] = (unsigned char)zencode(pkeys, pcrc_32_tab, c, t);
    }
Please update me if any resolution is available for these security flaws, or suggest any correction that is required.
Thanks in Advance.
Status: New
Labels:
Type-Defect
Priority-Medium
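As an added illustration (not minizip's own code and not part of the report above), the following C example puts the reported seeding pattern next to a replacement that takes the header bytes from the OS CSPRNG. RAND_HEAD_LEN and ZCR_SEED2 are assumed here with placeholder values, and the hardened variant assumes a POSIX system with /dev/urandom.

```c
/* Added example: legacy rand()-based header bytes vs. CSPRNG-backed bytes.
 * Constants below are placeholders standing in for minizip's own definitions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RAND_HEAD_LEN 12            /* placeholder, as in the report's loop bound */
#define ZCR_SEED2 ((unsigned)0x12345678u) /* placeholder, not minizip's real value */

/* Legacy pattern from the report: rand() seeded from a clock-derived value.
 * Every output byte is a pure function of the seed, so the only entropy is the
 * seed itself (a 32-bit value closely tied to the current time). */
static void legacy_header(unsigned seed, unsigned char *out, size_t n)
{
    srand(seed ^ ZCR_SEED2);
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)((rand() >> 7) & 0xff);
}

/* Hardened variant: read the header bytes from the kernel CSPRNG.
 * Returns 0 on success, -1 if the device is unavailable or short. */
static int csprng_header(unsigned char *out, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Returns 1 when the legacy scheme yields identical headers for one seed value,
 * which is exactly why a scanner flags it as insufficient entropy. */
int legacy_is_deterministic(unsigned seed)
{
    unsigned char a[RAND_HEAD_LEN - 2], b[RAND_HEAD_LEN - 2];
    legacy_header(seed, a, sizeof a);
    legacy_header(seed, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Returns 1 when two CSPRNG headers are both produced and differ (the chance
 * of two equal 10-byte outputs is 2^-80, so this is a reliable sanity check). */
int csprng_headers_differ(void)
{
    unsigned char a[RAND_HEAD_LEN - 2], b[RAND_HEAD_LEN - 2];
    if (csprng_header(a, sizeof a) != 0 || csprng_header(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```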