Date: Tue, 1 May 2001 18:20:34 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: kris@obsecurity.org (Kris Kennaway) Cc: jason@smethers.net (Jason Smethers), chat@FreeBSD.ORG Subject: Re: BSD libc for Linux? Message-ID: <200105011820.LAA17496@usr01.primenet.com> In-Reply-To: <20010501104324.D7834@xor.obsecurity.org> from "Kris Kennaway" at May 01, 2001 10:43:24 AM
next in thread | previous in thread | raw e-mail | index | archive | help
> > The statistical differences may be a result of your programs > > use of the rand() family. Linux's GNU libc decided not to > > implement these functions for backwards compatibility. Instead > > it aliases these functions to the random() family. > > which is a legitimate thing to do according to the standards. > FreeBSD fixed its rand() in -current too; anyone using the old version > for simulations is likely to be getting sorely skewed data out because > the algorithm is so non-random. FreeBSD _broke_ its random number generator. I wish the non-scientists who keep claiming that it is legitimate to break this code, and who think that when you multiply two random numbers that the result is "even more random than before the multiply", and who think randomness is more important than pseudo randomness... would take a frigging 600 level college course in algorithms, and read: The Art Of Computer Programming Volume 2: Seminumerical Algorithms Donald Knuth Addison-Wesley In particular, they should read all of: Chapter 3 -- Random Numbers In particular, section 3.2.1.3 discusses /potentcy/, while section 3.2.2 discusses other methods. See also the "spectral test" in section 3.3.4 for the definition of "acceptably random". AFAIK, the "improved" FreeBSD code has not yet passed this test, which is currently the strongest test known. The purpose of rand() is to provide a sound mathematical basis from which real work can be accomplished, not to make it so some jackass can protect his password file with security through obscurity, without having to get off their duff and expend any effort. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105011820.LAA17496>