Date: Sun, 25 Feb 2001 01:33:07 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Bruce Evans <bde@zeta.org.au>, Robert Watson <rwatson@FreeBSD.ORG>, Nick Sayer <nsayer@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID: <200102250933.f1P9X7a13051@earth.backplane.com>
References: <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com> <20010225012246.A30454@mollari.cthul.hu>
:
:Matt, please read the subject line of the thread you're replying to,
:and the commit which started it. rand() just isn't very good as it
:stands, from other standpoints than security. Please also read my
:reply to -arch before responding further.
:
:Kris
I went back and read it. It hasn't changed anything. The manual
page for rand() is very specific on the API. If you don't like
the sequence returned you could simply fix rand() in libc to use
srandom() without breaking the spec. But putting a #warning in
is not appropriate. There is nothing fundamentally wrong with
the API - in fact, it's almost exactly the same API that srandom()
uses except srandom() provides for a larger range of options in
regards to seeding. Adding a #warning is adding a hack rather than
adding a fix. You may not like the fact that rand() can never be
cryptographically secure, but that doesn't illegitimize rand(). As
I said, there is a huge class of problems for which a fixed pseudo
random sequence is perfectly acceptable.
-Matt
