Date:      Sun, 25 Feb 2001 03:02:26 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID:  <20010225030226.A31350@mollari.cthul.hu>
In-Reply-To: <200102250933.f1P9X7a13051@earth.backplane.com>; from dillon@earth.backplane.com on Sun, Feb 25, 2001 at 01:33:07AM -0800
References:  <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com> <20010225012246.A30454@mollari.cthul.hu> <200102250933.f1P9X7a13051@earth.backplane.com>

On Sun, Feb 25, 2001 at 01:33:07AM -0800, Matt Dillon wrote:
> :
> :Matt, please read the subject line of the thread you're replying to,
> :and the commit which started it.  rand() just isn't very good as it
> :stands, from other standpoints than security.  Please also read my
> :reply to -arch before responding further.
> :
> :Kris
>
>     I went back and read it.  It hasn't changed anything.  The manual
>     page for rand() is very specific on the API.  If you don't like
>     the sequence returned you could simply fix rand() in libc to use
>     srandom() without breaking the spec.  But putting a #warning in

Gah, didn't I also tell you to go and read my reply on -arch? *sigh*

>     I said, there is a huge class of problems for which a fixed pseudo
>     random sequence is perfectly acceptable.

And you're still missing the point that some non-cryptographic
applications of rand() as it stands are invalid, because of the reason
noted in the commit message.  However, I'll ask you a third time to
read my followup on -arch.

Kris
