Date: Sun, 25 Feb 2001 01:22:46 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Matt Dillon <dillon@earth.backplane.com> Cc: Bruce Evans <bde@zeta.org.au>, Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@FreeBSD.ORG>, Nick Sayer <nsayer@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: ports/astro/xglobe/files patch-random Message-ID: <20010225012246.A30454@mollari.cthul.hu> In-Reply-To: <200102250900.f1P90Qc12868@earth.backplane.com>; from dillon@earth.backplane.com on Sun, Feb 25, 2001 at 01:00:26AM -0800 References: <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 25, 2001 at 01:00:26AM -0800, Matt Dillon wrote: > : > :The C standard just gives an example of a portable implementation without > :saying that it is a bad example. > : > :On second thoughts, the standard rand() is somewhat broken as designed. > :"unsigned int" seed limits it to UINT_MAX sequences, and there is no > :way to ask for irreproducible randomness. > : > :Bruce >=20 > Yes, but on the otherhand there are a huge class of applications > that don't need irreproducible randomness. For example, games, > many classes of math problems, EE and other simulations... quite a few > things do just fine with a standard pseudo-random sequence. It's only > security and cryptography where rand() really breaks down. These are > certainly important application classes, but they are by no means the > *only* application class to consider. I see no reason to marginalize > 'everything else' with a warning. I'm not that paranoid. Matt, please read the subject line of the thread you're replying to, and the commit which started it. rand() just isn't very good as it stands, from other standpoints that security. Please also read my reply to -arch before responding further. Kris --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6mM7mWry0BWjoQKURApk3AJ9wrCNryThBxtwMCrrc/IP4ZB0lNQCcDD32 4euBhLkO4A65zl+n9hiCWUM= =9sef -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010225012246.A30454>