Date: Sun, 25 Feb 2001 01:33:07 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Bruce Evans <bde@zeta.org.au>, Robert Watson <rwatson@FreeBSD.ORG>, Nick Sayer <nsayer@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID: <200102250933.f1P9X7a13051@earth.backplane.com>
References: <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com> <20010225012246.A30454@mollari.cthul.hu>

:
:Matt, please read the subject line of the thread you're replying to,
:and the commit which started it.  rand() just isn't very good as it
:stands, from other standpoints than security.  Please also read my
:reply to -arch before responding further.
:
:Kris

    I went back and read it.  It hasn't changed anything.  The manual
    page for rand() is very specific on the API.  If you don't like the
    sequence returned you could simply fix rand() in libc to use srandom()
    without breaking the spec.  But putting a #warning in is not
    appropriate.

    There is nothing fundamentally wrong with the API - in fact, it's
    almost exactly the same API that srandom() uses except srandom()
    provides for a larger range of options in regards to seeding.  Adding
    a #warning is adding a hack rather than adding a fix.

    You may not like the fact that rand() can never be cryptographically
    secure, but that doesn't illegitimize rand().  As I said, there is a
    huge class of problems for which a fixed pseudo random sequence is
    perfectly acceptable.

                                                -Matt
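
The two properties of rand() argued over in this message, as an added example that is not part of the original e-mail or of FreeBSD libc: a seed replays a fixed sequence, which is what simulations want, and for the same reason a seed drawn from a guessable range lets an observer compute the next value, which is why the output is unsuitable for secrets. The function names, the seed and the 1000-value window are constructed for the illustration.

```c
/* Added illustration; not code from this thread or from FreeBSD libc. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEEN 4   /* outputs an observer is assumed to have seen */

/* Fill out[0..n-1] with the first n values rand() yields for this seed. */
static void outputs(unsigned seed, int *out, int n)
{
    srand(seed);
    for (int i = 0; i < n; i++)
        out[i] = rand();
}

/* The property simulations rely on: same seed, same sequence. */
int replays_identically(unsigned seed)
{
    int a[SEEN], b[SEEN];
    outputs(seed, a, SEEN);
    outputs(seed, b, SEEN);
    return memcmp(a, b, sizeof a) == 0;
}

/* The property that rules rand() out for secrets: if the seed lies in a
 * guessable window [lo, hi] (e.g. a timestamp), SEEN outputs are enough
 * to find a matching seed and compute the next value. Returns 1 if the
 * value after the observed ones is predicted correctly, 0 otherwise. */
int next_value_is_predictable(unsigned seed, unsigned lo, unsigned hi)
{
    int real[SEEN + 1], trial[SEEN + 1];
    outputs(seed, real, SEEN + 1);
    for (unsigned s = lo; s >= lo && s <= hi; s++) {
        outputs(s, trial, SEEN + 1);
        if (memcmp(trial, real, SEEN * sizeof(int)) == 0)
            return trial[SEEN] == real[SEEN];
    }
    return 0;
}

int main(void)
{
    /* Constructed values: a timestamp-like seed and a 1000-second window. */
    printf("replay: %d\n", replays_identically(12345u));
    printf("predictable: %d\n",
           next_value_is_predictable(983093587u, 983093000u, 983094000u));
    return 0;
}
```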