Date: Tue, 27 Feb 2001 11:51:29 -0800
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: Kris Kennaway <kris@FreeBSD.ORG>, Terry Lambert <tlambert@primenet.com>, "Jacques A. Vidrine" <n@nectar.com>, arch@FreeBSD.ORG
Subject: Re: rand(3) (was Re: cvs commit: ports/astro/xglobe/files patch-random)
Message-ID: <200102271952.f1RJqSs35224@cwsys.cwsent.com>
In-Reply-To: Your message of "Tue, 27 Feb 2001 13:30:46 EST." <p05010404b6c19bb3a3c1@[128.113.24.47]>
In message <p05010404b6c19bb3a3c1@[128.113.24.47]>, Garance A Drosihn writes:
> At 11:15 PM -0800 2/26/01, Kris Kennaway wrote:
> >There goes your "pseudo-standardization" argument out the window,
> >which means you obviously hadn't checked your facts and were just
> >describing the state of your internal fantasy universe. Thanks
> >for wasting everyone's time with this silly thread.
>
> I am aware of other people who live in the same fantasy universe,
> so I think this thread is spiraling downwards. A few of those
> people even ran tests to see if rand() produced the same results
> across the platforms they cared about, and once that was proven,
> they just assumed that would remain true (most of them are doing
> comparisons across time, though, not across platforms. Still,
> "across time" tends to become "across platforms", as hardware
> changes around here). It *is* interesting to find out that glibc
> does use the same algorithm as random(). Glibc hasn't been
> used much among the people I'm thinking of, but it's certainly
> getting used more as linux makes inroads on campus. Now I am
> also wondering if rand() still produces similar results across
> the other unix platforms we have on campus.

<taking my security administrator's hat off and putting my manager's
hat on>

Just as with virtually everything else in this industry we have
multiple standards (don't even get me started with the
telecommunications and building industries). Some shops or developers
may wish to integrate across platforms while others focus on
FreeBSD/Linux. Could we not implement a solution similar to malloc()'s
/etc/malloc.conf and MALLOC_OPTIONS? The default could be set to
rand() calling random(), while setting the appropriate option would
revert to the "old" behaviour. Or, #ifdef. Either way we satisfy both
camps.

<putting my security administrator's hat back on>

Ideally, rand() is insecure and should be removed or should call
random(), protecting clueless developers from themselves and more
importantly protecting clueless end users from clueless developers.

We have three choices:

1. Status quo.
2. A more secure rand().
3. A hybrid.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
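
The hybrid proposed in the message above (a MALLOC_OPTIONS-style switch between a random()-backed rand() and the "old" behaviour), as an added example that is not part of the original e-mail or of FreeBSD's libc. The names RAND_OPTIONS, compat_rand(), compat_srand(), compat_set_options() and the 'L'/'l' flags are hypothetical, and the legacy generator is the sample LCG from the ISO C standard, assumed here as a stand-in for an old rand().

```c
#define _XOPEN_SOURCE 600   /* expose random()/srandom() under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names: RAND_OPTIONS, compat_*(), flags 'L' (legacy) and 'l' (default). */
enum rand_mode { MODE_UNSET, MODE_RANDOM, MODE_LEGACY };
static enum rand_mode mode = MODE_UNSET;
static uint32_t legacy_state = 1;  /* ISO C: rand() starts as if srand(1) was called */

/* Later flags override earlier ones; unknown flags never change the generator. */
static enum rand_mode parse_options(const char *opts)
{
    enum rand_mode m = MODE_RANDOM;            /* default: rand() calls random() */
    for (; opts != NULL && *opts != '\0'; opts++) {
        if (*opts == 'L') m = MODE_LEGACY;
        else if (*opts == 'l') m = MODE_RANDOM;
    }
    return m;
}

/* Programmatic override, standing in for a config-file setting. */
void compat_set_options(const char *opts) { mode = parse_options(opts); }

static void init_mode(void)
{
    if (mode == MODE_UNSET)                    /* read the environment once, at first use */
        mode = parse_options(getenv("RAND_OPTIONS"));
}

void compat_srand(unsigned seed)
{
    init_mode();
    legacy_state = seed;                       /* seed both so a mode switch stays defined */
    srandom(seed);
}

int compat_rand(void)
{
    init_mode();
    if (mode == MODE_LEGACY) {
        /* ISO C sample LCG: same sequence on every platform, 15-bit output. */
        legacy_state = legacy_state * 1103515245u + 12345u;
        return (int)((legacy_state / 65536u) % 32768u);
    }
    /* random() has a longer period and better low-order bits; it is not a CSPRNG. */
    return (int)(random() & RAND_MAX);
}
int main(void) { compat_srand(1); printf("%d\n", compat_rand()); return 0; }
```

Programs that compare results across time or across platforms would set the legacy flag and keep a reproducible sequence, while everything else gets the random()-backed default without a source change.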