* seckey-cert.c (protect_secret_key): Use gry_create_nonce for the

IV; there is not need for real strong random here and it even
better protect the random bits used for the key.

1 files changed, 1 insertions, 2 deletions

diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 5b0238240..7356cb224 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -346,8 +346,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 	    assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
 	    if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
 		BUG(); /* yes, we are very careful */
-	    gcry_randomize (sk->protect.iv, sk->protect.ivlen,
-                            GCRY_STRONG_RANDOM);
+	    gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
 	    gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
 	    if( sk->version >= 4 ) {
                 unsigned char *bufarr[PUBKEY_MAX_NSKEY];