Date: Sun, 02 Feb 2003 16:41:39 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Mark Murray <mark@grondar.org>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, current@FreeBSD.ORG
Subject: Re: rand() is broken
Message-ID: <3E3DBAC3.14E4ED81@mindspring.com>
References: <200302022302.h12N23aX053186@grimreaper.grondar.org>
Mark Murray wrote:
> > That's why randomness tests + mathematician to interpret their results
> > are needed to compare what we have now in random(3) with RC4. Easy and
> > understandable code does not always mean better results. We can't switch
> > algorithms blindly, i.e. when their comparative quality remains unknown.
>
> Actually, RC4 is well understood (and trusted). LCRNGs are considered
> less good in comparison with cryptographic techniques. There is too much
> to go wrong in them (as you have just discovered!) :-)

Donald Knuth seemed to like them well enough to publish the algorithm,
as part of his discussion on randomness. He *didn't* publish RC4, in
that same discussion.

Cryptographic uses are a small percentage of the real-world use for
PRNGs. If you are worried about cryptographic strength, then you
shouldn't be using a libc function.

-- Terry
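Two points in the exchange above can be made concrete: Mark's remark that there is "too much to go wrong" in an LCRNG, and Terry's closing advice that a libc PRNG should not be relied on for cryptographic strength. The C program below is an added example for this archive page, not code from the thread and not FreeBSD's random(3)/rand(3) implementation; it uses the textbook LCG parameters from the ISO C standard's sample rand() (multiplier 1103515245, increment 12345, modulus 2^32) and the usual 15-bit output taken from the middle of the state. The seeds and the helper names (`low_bits_period`, `recover_state`, `attack`) are constructed for the example. It shows (1) that the low-order bits of a power-of-two-modulus LCG have tiny periods, and (2) that even with 17 of 32 state bits hidden, three consecutive 15-bit outputs are enough to recover the state and predict the next output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative 32-bit LCG: the example parameters from the ISO C standard's
 * sample rand(). Constructed for this example; NOT FreeBSD's libc code.
 * The modulus 2^32 comes from unsigned wraparound. */
#define LCG_A 1103515245u
#define LCG_C 12345u

static uint32_t lcg_step(uint32_t s) { return s * LCG_A + LCG_C; }

/* The classic rand() contract: 15 bits from the middle of the state. */
static uint32_t lcg_output(uint32_t s) { return (s >> 16) & 0x7fffu; }

/* Failure mode 1: with modulus 2^32, odd C and A == 1 (mod 4), the low k bits
 * of the state form a full-period LCG mod 2^k on their own, so bit 0 merely
 * alternates and bit k-1 repeats every 2^k steps. Returns the measured period
 * of the lowest `bits` bits of the raw state. */
uint64_t low_bits_period(unsigned bits, uint32_t seed) {
    uint32_t mask = bits >= 32 ? 0xffffffffu : (1u << bits) - 1u;
    uint32_t s = lcg_step(seed);
    uint32_t first = s & mask;
    uint64_t n = 0;
    do { s = lcg_step(s); n++; } while ((s & mask) != first);
    return n;
}

typedef struct {
    size_t candidates;     /* states (bit 31 ignored) consistent with all observations */
    int true_state_found;  /* 1 if the real state is among them (sanity check) */
    int all_agree;         /* 1 if every candidate predicts the same next output */
    uint32_t prediction;   /* that next output; meaningful when all_agree == 1 */
} recovery_t;

/* Failure mode 2: hiding 17 of 32 state bits does not help. Bit 31 can never
 * influence bits 16..30 of any later state (carries only travel upward), so
 * only the 16 low bits are unknown: 2^16 candidates, each checked against the
 * n-1 outputs that follow obs[0]. `true_after` is the real state after the
 * n-th output and is used only to verify the recovery. */
recovery_t recover_state(const uint32_t *obs, size_t n, uint32_t true_after) {
    recovery_t r = {0, 0, 1, 0};
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = (obs[0] << 16) | low;   /* bit 31 assumed 0 */
        size_t i;
        for (i = 1; i < n; i++) {
            s = lcg_step(s);
            if (lcg_output(s) != obs[i]) break;
        }
        if (i < n) continue;
        uint32_t next = lcg_output(lcg_step(s));
        if (r.candidates == 0) r.prediction = next;
        else if (next != r.prediction) r.all_agree = 0;
        r.candidates++;
        if ((s & 0x7fffffffu) == (true_after & 0x7fffffffu)) r.true_state_found = 1;
    }
    return r;
}

/* Drive the attack: seed the generator, observe n (<= 8) 15-bit outputs,
 * recover the state, and hand back the real (n+1)-th output for comparison. */
recovery_t attack(uint32_t seed, size_t n, uint32_t *actual_next) {
    uint32_t obs[8];
    uint32_t s = seed;
    if (n > 8) n = 8;
    for (size_t i = 0; i < n; i++) { s = lcg_step(s); obs[i] = lcg_output(s); }
    *actual_next = lcg_output(lcg_step(s));
    return recover_state(obs, n, s);
}

int main(void) {
    printf("period of bit 0: %llu, of low 8 bits: %llu\n",
           (unsigned long long)low_bits_period(1, 42u),
           (unsigned long long)low_bits_period(8, 42u));
    uint32_t actual;
    recovery_t r = attack(0xC0FFEEu, 3, &actual);   /* constructed seed */
    printf("%zu candidate state(s), true state found: %d, all agree: %d\n",
           r.candidates, r.true_state_found, r.all_agree);
    printf("predicted next output %u, actual %u\n", r.prediction, actual);
    return 0;
}
```

The period check is the "something went wrong" case Mark alludes to: code that takes `rand() % 2` or `rand() & 0xff` from such a generator gets a sequence that repeats every 2 or 256 calls, regardless of how good the high bits look. The recovery shows why Terry's advice holds for anything adversarial: an attacker who sees a handful of outputs (session IDs, padding, nonces) can predict the rest, whereas a cryptographic generator is designed so that exactly this inference is infeasible.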